On Wed, 17 Mar 2004, Chuck Yerkes wrote: > Change for the sake of change is bad. > Stagnation for the sake of avoiding change is also bad.
If it makes you feel better, we firewall _all_ outbound as well as inbound connections and there is up-to-the-hour AV/spam running in both directions on the network mail bastion server. That's something forced on us by all the stupid windoze users, but it provides protection against any rogue boxes of any flavour OS. On top of the firewalling, excessive attempts to go past the firewall on unauthorised ports result in immediate lockout of the relevant switchport and that requires manual intervention to restore.
