Oskar Sandberg wrote: > > On Thu, May 03, 2001 at 11:22:00AM -0400, Derek Glidden wrote: > <> > > Most firewalls nowadays, or at least the ones being managed by competent > > admins, take a "Deny by default" approach. In other words, not only on > > inbound but also on outbound connections, *all* connections are denied > > unless explicitly approved. > > What possible reason is there to do that short of fucking with your users? > I mean, it isn't even going to help against troyans, since any troyan > worth a damn that gets in will call out using port 80 these days (if not > otherwise then not to be spotted).
It's called "security." I would venture to say that most companies/corporations over a couple of dozen people, and even smaller ones with competent security administrators operate this way. Smaller
