On Thu, 2003-08-14 at 10:09, Jeffrey A.K. Dick wrote: > Brad Bemis wrote: "Personally I am getting tired of people making these > kinds of comments. ... While it may be true that blocking port 135 at the > firewall would work in an ideal environment" > > Amen ... and ...forget about "ideal environment" ... it won't necessarily be > effective in *any* environment except the > "network-comprised-of-a-single-computer-that-nobody-uses" (tm). These people > clearly haven't heard of notebooks and the concept of people using them > outside the network (say, at home). Microsoft+VPN works fine with these ports firewalled. Nonmicrosoft software is also fine, so your linux box with ximian makes a good desktop that isn't affected, as is a Mac. You have choices. Or, at least, your superiors do, despite many execs liking to pretend there isn't anything in the world but microsoft. > These are the same folks who patted themselves on the back all Monday night > for protecting their networks ... until people started plugging their > notebooks into the network on Tuesday morning ... oops ... Agreed that firewalls are often ineffective, but that doesn't mean they shouldn't be used. I love the descriptiveness of firewalls as "a hard crunchy shell with a soft, chewy center". If you firewall -and- stay up on your patches, then you're using a firewall effectively. But many see a firewall as an excuse for not patching. -- Dan Stromberg DCS/NACS/UCI <strombrg@dcs.nac.uci.edu>
This is a digitally signed message part