Re: NAT is not a mechanism for securing a network.. but.. HELP!

From: Floyd L. Davidson (floyd_at_apaflo.com)
Date: 08/25/05


Date: Thu, 25 Aug 2005 08:30:26 -0800

Leythos <void@nowhere.lan> wrote:
>In article <87vf1uahs5.fld@barrow.com>, floyd@apaflo.com says...
>> Leythos <void@nowhere.lan> wrote:
>> >In article <878xyrb7yp.fld@barrow.com>, floyd@apaflo.com says...
>> >> Leythos <void@nowhere.lan> wrote:
>
>So, since you've not really listed the company, only mentioned that you
>know a company where everyone needs access, then you say that you are
>not sure, but you're not aware.... So, it really sounds like you don't
>have a clue about the business needs of all the employees concerning
>Internet access.

Just dangling a rope for you, thats all. You'd never have been
clear on what you thought of it if I'd mentioned that it is
AT&T's telecom network operations.

>> I don't need to list 5. Just one. And as I noted, that company
>> is large enough to have a senior management position for Network
>> Security, filled at the time by a person who literally wrote the
>> book.
>
>Yea, I've read that before, someone knows someone that wrote the book on
>security and they know more than anyone else and no one else could
>understand any other parts of security better than they do.....
>
>If your guru is permitting full, unrestricted access to the net, without
>any filtering, then they don't really understand security and they also
>don't understand the business needs.

The "guru" is Steve Bellovin. You've probably heard of him. He
was in charge of AT&T's network security for a few years, and
currently is teaching CS at Columbia University. It wasn't really
"the" book that he wrote, it was several of them...

>> Are you claiming that their head of Network Security was not as
>> competent as you? The idea is hilarious!
>
>How would you know - how do you have any idea that his methods work -

I don't think Bellovin has been certified by ICSA, but like a
lot of other equipment that hasn't been, his reputation is
widely known. ;-)

>since you state that you are unaware of the business needs, then you
>really don't know.

And just when did I say that I was "unaware of the business
needs"? Within the division of AT&T that I worked for (AT&T
Alascom, which AT&T acquired in 1995) it was simply impossible
to file a weekly time sheet without access to the Internet. Is
that "business need" enough for you? And that is merely the
starting point on a list of requirements that most employees
need Internet access for!

>What's hilarious is that you think that all companies should provide
>unrestricted internet access to all employees.

Unlike you, I have *not* made any such sweeping ridiculous claims.

My point was that when you say none do, you are blowing smoke.

-- 
Floyd L. Davidson            <http://www.apaflo.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska)                         floyd@apaflo.com


Relevant Pages

  • Re: NAT is not a mechanism for securing a network.. but.. HELP!
    ... >>it's employees to have complete, open, unrestricted, internet access. ... > need Internet access, but I certainly was not aware of any that didn't. ... have a clue about the business needs of all the employees concerning ... > Security, filled at the time by a person who literally wrote the ...
    (comp.security.firewalls)
  • Re: Share Wireless Internet Connection?
    ... turn a closed network into an open network just by plugging this thing ... security, sometimes asking the security questions if they see a new ip ... with the linksys being seen by the hotel network. ... cookies for internet access. ...
    (comp.sys.mac.system)
  • Re: NetBEUI and security
    ... it depends on your 'internet access' setup. ... > I'm considering using NetBEUI on a small network with internet access, ... > My motivation for this is simply another layer of security, ... > non routable nature of NetBEUI. ...
    (comp.security.firewalls)
  • Re: ISA Server question
    ... server\firewall and a proxy server? ... A Proxy can control any Network Traffic if there are applicable Application / Webfilter. ...
    (microsoft.public.isa)
  • SecurityFocus Microsoft Newsletter #50
    ... Subject: SecurityFocus Microsoft Newsletter #50 ... Specialist in Microsoft's Security Services Partner Program, ... Network Monitoring for Intrusion Detection ... Relevant URL: ...
    (Focus-Microsoft)