Re: NAT is not a mechanism for securing a network.. but.. HELP!
From: Floyd L. Davidson (floyd_at_apaflo.com)
Date: Thu, 25 Aug 2005 08:30:26 -0800
Leythos <firstname.lastname@example.org> wrote:
>In article <email@example.com>, firstname.lastname@example.org says...
>> Leythos <email@example.com> wrote:
>> >In article <firstname.lastname@example.org>, email@example.com says...
>> >> Leythos <firstname.lastname@example.org> wrote:
>So, since you've not really listed the company, only mentioned that you
>know a company where everyone needs access, then you say that you are
>not sure, but you're not aware.... So, it really sounds like you don't
>have a clue about the business needs of all the employees concerning
Just dangling a rope for you, that's all. You'd never have been
clear on what you thought of it if I'd mentioned that it is
AT&T's telecom network operations.
>> I don't need to list 5. Just one. And as I noted, that company
>> is large enough to have a senior management position for Network
>> Security, filled at the time by a person who literally wrote the
>Yea, I've read that before, someone knows someone that wrote the book on
>security and they know more than anyone else and no one else could
>understand any other parts of security better than they do.....
>If your guru is permitting full, unrestricted access to the net, without
>any filtering, then they don't really understand security and they also
>don't understand the business needs.
The "guru" is Steve Bellovin. You've probably heard of him. He
was in charge of AT&T's network security for a few years, and
currently is teaching CS at Columbia University. It wasn't really
"the" book that he wrote, it was several of them...
>> Are you claiming that their head of Network Security was not as
>> competent as you? The idea is hilarious!
>How would you know - how do you have any idea that his methods work -
I don't think Bellovin has been certified by ICSA, but like a
lot of other equipment that hasn't been, his reputation is
widely known. ;-)
>since you state that you are unaware of the business needs, then you
>really don't know.
And just when did I say that I was "unaware of the business
needs"? Within the division of AT&T that I worked for (AT&T
Alascom, which AT&T acquired in 1995) it was simply impossible
to file a weekly time sheet without access to the Internet. Is
that "business need" enough for you? And that is merely the
starting point on a list of requirements that most employees
need Internet access for!
>What's hilarious is that you think that all companies should provide
>unrestricted internet access to all employees.
Unlike you, I have *not* made any such sweeping ridiculous claims.
My point was that when you say none do, you are blowing smoke.
--
Floyd L. Davidson <http://www.apaflo.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) email@example.com