Naive users are a fact of life, education is not an option in most firms.
I spend more time with virus hoaxes than viruses, simple stemming the chain letters.
A modern office assumes a computer with Internet access on a desktop as much as a
telephone and a chair. So you need to deal with the security problems from a reality
that users will access malicious sites. So one is constantly trading off various
business needs. Security is not always the most important, but allowing the business
to operate is.
It is easy to convince a senior manager not to allow ICQ until her stockbroker has
an ICQ tip room. The task is then to allow her to access that without harming the
security of the rest of the network. Those firewalls that have good proxies allow one
to balance priorities with more options.
Of course you don't allow Napster/ICQ/IRC etc. as much as possible. But corporate
needs are more important than particular stances.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Martin H
Hoz-Salvador
Sent: Wednesday, January 31, 2001 02:33
To: Bill Royds
Cc: Ron DuFresne; Bernd Eckenfels; Rohit Gupta; firewall list
Subject: Re: stateful inspection
Bill Royds wrote:
>
> Most users of Win9x are naive about the nature of the Internet and are
> not aware of the risks inherent in various Internet services. They will
> run programs that attempt to download binary data through HTTP, are easily
> persuaded to click on executables in email, etc. A proxy firewall forces
A naive user is an education problem. Could be adX-Mozilla-Status: 0009sing firewalls
-deny dangerous services such as 137/138/139 ports at
your router or firewall- but you can't do so much if anyway you allow
ICQ/Napster/iMesh traffic and then your user opens the whole harddisk
to the world.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
