[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Reasons against opening I-net access..
Joe Delsol wrote: > What are the reasons against opening all port access to the internet > from my internal users? A whole bunch of reasons against opening this up have been proposed, which are all valid. One good reason *for* opening it up however is this: 1) Your users can get work done. Security is a tradeoff - protect your network from abuse, and you at the same time prevent it's use. A good idea is to take the middle ground - nothing is allowed by default, but be liberal in allowing things where they are necessary. Nothing is more frustrating as a user when a service (like rsync, ssh, CVS, ftp, streaming media, etc etc) is not allowed and no workaround exists to cater for it. The web != the internet. Despite the huge potential the internet has for abuse by workers it's also in my experience the most valuable work tool that I have. Be too restrictive in your access control and you might as well not have access at all. Regards, Graham -- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|