Paris Lundis wrote:
> A good summary Jochem would be for folks to tune the firewall and
> ensure permissions/allowable IP list...

Since when can you even buy a 10 Gbps firewall?

> In your environment you point out the user base... 8000... agreeable...
> large base for things...
>
> Tune the firewall and restrict traffic there ... allowing like port 80
> in and out disabling all other services and ports, except those in a
> defined list of authorized servers...

All 8000 systems are authorized servers. About 65525 of 65536 ports are authorized ports. You can't firewall a production network where the product is (supposed to be) innovation.

I think we have had this discussion last week already, but firewalls are not the answer to all problems. Sure, properly secured firewalls on machines running MS SQL Server would have prevented this issue (at least, nobody has convinced me that UDP should be allowed to a production server at all). But there are always other scenarios where a firewall would not help. In the end, vigilance on all the aspects of security is the only way to make sure problems like this worm don't cause a total meltdown of the internet.

Jochem

