-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Reckhard, Tobias
Sent: Thursday, February 01, 2001 07:06
To: 'Darrin Johansen'; '[EMAIL PROTECTED]'
Subject: RE: opening outgoing ports - standards?

>> "What's so bad about using just any old port, surely they are all the
>> same" 
> 
>Which is perfectly true.




What is not true is that all protocols are the same. And therein lies the rub.

Protocols that have RFCs behind them may not be secure (vis IRC), but at least one can
evaluate the security and make a rational decision. Protocols and services that are
completely proprietary depend only on the trust of the manufacturer, be it Microsoft
or East Podunk Software. When a company like Microsoft blows its security (PPTP v1 or
H.323), then how can you trust East Podunk?
   What one needs is an Internet service policy detailing what characteristics a
service needs to be allowed through your perimeter (or on the network at all).
  Things like "client initiated with all authenticated" or
  "uses FIPS140 allowed security algorithms" etc.










