Re: [fw-wiz] how prevelant
From: Brian Ford (brford_at_cisco.com)
To: firstname.lastname@example.org Date: Tue, 12 Oct 2004 11:20:20 -0400
I'm only seeing really small business or academic environments even trying
to do this. Most are unsuccessful. More and more often ISPs like
Cablevision and their Optimum Online service are blocking all domain (as
well as SMTP) traffic at the edge of their cloud. I've heard from people
outside that ISP that they are considering blocking this traffic within
Regarding VPN access I see everything including tokens, various types of
Smartcards, Active Directory integration, our ACS (AAA server), and yes
even PKI being used somewhere. I think the issue of this space is that
there are multiple ways to do it and the definition of ease of use varies
from person to person.
Remember healthy paranoia can be your friend.
Liberty for All,
At 08:31 AM 10/12/2004 -0400, email@example.com
>Date: Fri, 8 Oct 2004 15:05:59 -0400 (EDT)
>From: "R. DuFresne" <firstname.lastname@example.org>
>Subject: [fw-wiz] how prevelant
>how common is it for a company to have it's NT domain and novell
>athentication pass openly across the internet, and have this be the
>requirement to access VPN tunnel rights from outside into the company?
>The firewalls I manage keep all windows related protocols in the 135-139,
>445 and 5000 ports arenas internal only, none f this traffic passes
>outside the firewalls, none is allowedto pass outside, unltess tunneled.
>Is this not a standard practise with any org with half a clue of security,
>or am I being more tightfisted with access and control then is the norm?
> admin & senior security consultant: sysinfo.com
>"Cutting the space budget really restores my faith in humanity. It
>eliminates dreams, goals, and ideals and lets us get straight to the
>business of hate, debauchery, and self-annihilation."
> -- Johnny Hart
>testing, only testing, and damn good at it too!
Consulting Engineer, Enterprise Architecture Security Specialist
Technology Policy & Consulting Engineering
Cisco Systems Inc.
The opinions expressed in this message are those of the author and not
necessarily those of Cisco Systems, Inc..
This email address is transmitted from San Jose, California, U.S.A..
firewall-wizards mailing list