Thu, 12 Jul 2007, by jsa@pen.homeip.net:
On Thursday 12 July 2007, Theo v. Werkhoven wrote:
Of course, at $DAYJOB, I do /not/ let company PCs have unrestricted access to high ports on the outside, better safe than sorry with Windows PCs, dealing with company data and passwords etc...
Really? So something as simple as web browsing requires all sorts of proxying, and every internet oriented package needs to be proxied or SOCKSified?
No proxy, just a limited set of ports that I allow to connect to, like web, pop3(s), imap(s), vpn, ftp etc., and some special ports for accounting and airline reservation packages (but only to and from specific hosts).
Sounds like a make work project to me.
Not really, in the logs I can see hundreds of attempts to ports on the outside being dropped every day, but unless it's really work-related, no-one complains if e.g. their internet-radio connection or other non-essential things do not work. With Shorewall it's a matter of minutes to add an ALLOW if needed, but that doesn't happen more than once in a (long) while. You'd be surprised with how little a normal company can do Internet-wise.
We have fairly old releases of MSIE running in hundreds of machines each running a lightweight antivirus and SpyBot Search and Destroy. Works.
We focus on our work, rather than the weaknesses of the OS on our PCs.

Theo
-- 
Theo v. Werkhoven    Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 26N , 4 29 47E.     + ICQ: 277217131
SUSE 10.2                      + Jabber: muadib@jabber.xs4all.nl
Kernel 2.6.18                  + See headers for PGP/GPG info.
Claimer: any email I receive will become my property. Disclaimers do not apply.
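The thread describes reviewing dropped outbound connections in the firewall log before deciding whether a port deserves an allow rule. The following is an added example, not part of the original message: it summarises such drops per host and destination port. The `Shorewall:<chain>:<disposition>:` log prefix layout, the chain names `loc2net` and `net2fw`, and all sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed, abridged sample lines in netfilter LOG format with a
# "Shorewall:<chain>:<disposition>:" prefix. Chain names are assumptions.
SAMPLE_LOG = """\
Jul 12 09:14:02 fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=8000 SYN
Jul 12 09:14:05 fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=8000 SYN
Jul 12 09:20:41 fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 LEN=48 TTL=127 PROTO=TCP SPT=2210 DPT=8000 SYN
Jul 12 10:02:17 fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.51 DST=198.51.100.99 LEN=48 TTL=127 PROTO=TCP SPT=3307 DPT=6667 SYN
Jul 12 10:05:00 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.5 DST=203.0.113.1 LEN=48 TTL=110 PROTO=TCP SPT=4410 DPT=445 SYN
"""

LINE_RE = re.compile(
    r"Shorewall:(?P<chain>[\w-]+):(?P<disp>DROP|REJECT):"
    r".*?\bSRC=(?P<src>\S+) DST=(?P<dst>\S+)"
    r".*?\bPROTO=(?P<proto>\S+)(?:.*?\bDPT=(?P<dpt>\d+))?"  # ICMP has no DPT
)

def summarize_drops(log_text, chain="loc2net"):
    """Count blocked attempts per (source host, protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("chain") != chain:
            continue  # not a Shorewall drop, or a different traffic direction
        port = int(m.group("dpt")) if m.group("dpt") else None
        counts[(m.group("src"), m.group("proto").lower(), port)] += 1
    return counts

def noisy_ports(counts, threshold=2):
    """Ports blocked for at least `threshold` distinct hosts: review candidates."""
    hosts = {}
    for (src, proto, port) in counts:
        if port is not None:
            hosts.setdefault((proto, port), set()).add(src)
    return sorted(key for key, srcs in hosts.items() if len(srcs) >= threshold)

if __name__ == "__main__":
    drops = summarize_drops(SAMPLE_LOG)
    for (src, proto, port), n in drops.most_common():
        print(f"{src:15} {proto}/{port}: {n} blocked")
    print("blocked for several hosts:", noisy_ports(drops))
```

A port that shows up for several hosts is either a legitimate business need worth an explicit rule or a pattern worth investigating on those machines.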