Re: Man gets nine years for spamming
From: Michael Pelletier (mjpelletier_at_mjpelletier.com)
Date: 04/23/05
Date: Fri, 22 Apr 2005 22:00:43 -0700
Moe Trin wrote:
> In article <F_E8e.6719$0d6.772@tornado.ohiordc.rr.com>, Leythos wrote:
>>On Sun, 17 Apr 2005 19:21:49 -0500, Moe Trin wrote:
>
>>> Hotmail??? What an incredibly stupid thing to use for business. My
>>> management would go absolutely ballistic if I tried to conduct business
>>> and failed to use the company mail servers. It really doesn't inspire
>>> confidence to see a hotmail or similar used as part of company business.
>>> Not in the office? Tunnel in. Period.
>
> I still can't get over this one. In the 15+ years that I've had external
> email, I have NEVER seen a reputable company using anything other than
> their own mail systems. Flat out NEVER! Heck, even my neighbor's teenage
> son who's operating a bicycle repair service out of the third bay of
> the family garage even knows that - has his own domain, and even provides
> bills on a presentable letterhead. I don't think he's out of high school
> yet.
Maybe you misunderstood my original post. Maybe I did not explain it clearly
for you. First, no, I do not work for a company that uses HOTMAIL. I need to
email a question to a possible vendor. I was in a cafe. I had my Palm Treo.
I was already logged into hotmail at the time. So I created an email and
sent my question on pricing to them. Get it now?????????
>>OG, I'm starting to suspect he's not really a technical type, more of a
>>some-day-hopeful. As I see it, almost every company I know, and all of
>>them we've setup, have Web access to their email, including access via
>>their cell phones, PDA Cells, BlackBerry's, etc....
>
> I don't think we've ever had web access. In the late '80s, once we got
> access to DARPANET, we had some horrible application - don't even remember
> the program name - that ran under DOS that you basically used for terminal
> access. That lasted until about 1992, when we got an application that ran
> under 4BSD, AIX, and SunOS over the net. It was basically a form of
> encrypted telnet with passwords changing weekly, then your session was
> further encrypted with a personal key once you logged in. If you were
> coming in over the Internet (and in 1992, that wasn't all that common),
> you connected to a bastion host, and after authentication there, got to
> connect to an inner server where you logged in and actually did stuff. It
> was _SLOOOOOOOOOWWW!!! The company backbone then was a 56k link, and all
> of the local sites were running 10MB Ethernet. Our connections to the
> world (we had 3 that I was aware of) were also 56K links. When we finally
> got a T1, we were amazed. Almost like "local" performance. I don't know
> what the backbone is now, but last week I was stealing lots of CPU cycles
> for the accounting division (it's tax time) from servers in France, Japan,
> New York, and California depending on local time of day.
>
I remember going from a 56k frame relay to 512. I thought I was in
heaven :-). Now, we have 100Mb FastE (it really is a Sonet transport with a
100Mb FastE handoff) links within the city I work. How things change so
fast...Now VoIP...
>>He keeps coming up with reason to not block a network, but he's not
>>addressing the issues that were presented at the start of the discussion,
>>and he fails to understand that the proper way to secure a network is to
>>restrict access to only those that need it.
>
> Access to a network isn't all of it. Everything that is publicly
> accessible on our nets is in the DMZ, or locally operated DMZs in
> overseas facilities. That includes mail in/out, web servers, ftp, and
> such. There is no access to ANY internal network, and that includes
> name-service to resolve internal subnet hostnames. For that matter, there
> is no access _from_ the DMZ into the internal network - only access from
> internal _to_ the DMZ. Our remote access from the world isn't even on our
> /8, which does make it harder to hack in. It's slightly slower, but it's
> not like we have people running remote X at 1600x1280x76 through a tunnel.
> Old guy
Nice setup...
I run all FreeBSD servers in the DMZs. Each server is stripped down to the
bare bones. Only what is needed to perform the task the server does is
allowed on. Each service within each server is run in a jailed environment.
We have 12 DMZ interfaces. Each DMZ performs a logical task, i.e. Email
gateways are in one DMZ, Web servers another DMZ, etc, etc. All access is
one-way (from the intranet to the DMZ) except email (which is allowed to
forward to the internal email servers) and syslog, which is allowed to also
forward syslog messages to an internal server. I have Snort boxes on all of
the DMZs and in between the Internet routers (using BGP) and the first
firewall. Each Snort box has a local firewall and blocks every packet from
the bridging layer up on the "listening" interface. They all have their
reporting interface connect to a special DMZ that my internal system
monitor polls to....and so on and so on...
Take care, nice talking with someone who really knows security as opposed to
wannabes...
Michael
--
"Microsoft isn't evil, they just make really crappy operating systems." - Linus Torvalds
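
The one-way rule described in the post above (intranet to DMZ only, with mail forwarding and syslog as the two exceptions) can be checked against firewall flow records. This is an added example, not part of the original message; the addresses, zone names, internal server addresses and the default ports tcp/25 and udp/514 are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (not from the post): one intranet and two of the DMZs.
INTRANET = ipaddress.ip_network("10.0.0.0/8")
DMZS = {
    "mail": ipaddress.ip_network("192.0.2.0/26"),
    "web": ipaddress.ip_network("192.0.2.64/26"),
}
INTERNAL_MAIL = ipaddress.ip_address("10.1.1.25")    # hypothetical internal mail server
INTERNAL_SYSLOG = ipaddress.ip_address("10.1.1.50")  # hypothetical internal syslog server

def zone_of(addr):
    """Map an address to 'intranet', 'dmz:<name>' or 'external'."""
    ip = ipaddress.ip_address(addr)
    if ip in INTRANET:
        return "intranet"
    for name, net in DMZS.items():
        if ip in net:
            return "dmz:" + name
    return "external"

def is_exception(src, dst, proto, dport):
    """True only for the two inbound flows the policy permits."""
    s, dst_ip = zone_of(src), ipaddress.ip_address(dst)
    # Exception 1: only the mail-gateway DMZ may forward SMTP to the internal mail server.
    if s == "dmz:mail" and dst_ip == INTERNAL_MAIL and (proto, dport) == ("tcp", 25):
        return True
    # Exception 2: any DMZ host may send syslog to the internal collector.
    return s.startswith("dmz:") and dst_ip == INTERNAL_SYSLOG and (proto, dport) == ("udp", 514)

def violations(flows):
    """Flows that enter the intranet from outside it and match neither exception."""
    return [f for f in flows
            if zone_of(f[1]) == "intranet" and zone_of(f[0]) != "intranet"
            and not is_exception(*f)]

# Constructed flow records: (src, dst, proto, dport).
SAMPLE = [
    ("10.2.3.4", "192.0.2.70", "tcp", 80),     # intranet -> web DMZ: normal direction
    ("192.0.2.10", "10.1.1.25", "tcp", 25),    # mail DMZ -> internal mail: exception 1
    ("192.0.2.70", "10.1.1.50", "udp", 514),   # web DMZ -> syslog: exception 2
    ("192.0.2.70", "10.1.1.25", "tcp", 25),    # web DMZ sending SMTP inward: violation
    ("192.0.2.10", "10.2.3.4", "tcp", 22),     # mail DMZ -> intranet SSH: violation
    ("198.51.100.7", "10.1.1.50", "udp", 514), # external -> syslog collector: violation
]

if __name__ == "__main__":
    for flow in violations(SAMPLE):
        print("policy violation:", flow)
```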