On Tuesday, July 12, 2005 06:37 pm, James D. Parra wrote:
I guess I'm at a backwards company because the network admin has all the outbound ports blocked except for ports 80 and 22.
How do you send e-mail, ftp, or view secure, https, sites?
You send email via port 25 to the mail server on the LAN, either behind the firewall or in a DMZ (with the port open). It's a good idea not to allow workstations to send email to an MTA on the Internet; if you have a PC infected with a mass mailing virus, the virus then can't use its own smtp engine except to try to infect other machines on the LAN. And if the virus is clever and tries to use the corporate MTA, presumably the sysadmin will catch the spike in activity and shut the machine off.

With a setup that tight, I'm surprised web browsing isn't done via a proxy, again closing off port 80 outbound at the firewall except to the internal or DMZ-hosted web proxy server.

These days there are many so-called "firewall-friendly" remote PC management tools that require port 80 or high ports to be open, so putting in a proxy server and tightening up the firewall is, in principle, a good idea--and becoming increasingly common practice. But the sysadmin should make some accommodation here; she can then track the usage.

--
_________________________________________________________
A Message From...
L. Mark Stone
Reliable Networks of Maine, LLC
"We manage your network so you can manage your business."
477 Congress Street
Portland, ME 04101
Tel: (207) 772-5678
Web: http://www.rnome.com
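
Added example, not part of the original message: one way to use the firewall's deny log to spot the infected workstation described above, by flagging LAN hosts whose outbound tcp/25 connections to many different outside servers were blocked. The LAN range, MTA address, `EGRESS-DROP` log prefix, threshold and sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.10.0/24")   # assumed internal range
MTA = ipaddress.ip_address("192.168.10.5")      # assumed corporate mail server
THRESHOLD = 3  # distinct outside SMTP destinations before a host is flagged

# Constructed sample in iptables LOG style; "EGRESS-DROP" is an assumed log prefix.
SAMPLE_LOG = """\
Jul 12 18:40:01 fw kernel: EGRESS-DROP: IN=eth1 OUT=eth0 SRC=192.168.10.23 DST=198.51.100.7 PROTO=TCP SPT=1042 DPT=25
Jul 12 18:40:01 fw kernel: EGRESS-DROP: IN=eth1 OUT=eth0 SRC=192.168.10.23 DST=203.0.113.9 PROTO=TCP SPT=1043 DPT=25
Jul 12 18:40:02 fw kernel: EGRESS-DROP: IN=eth1 OUT=eth0 SRC=192.168.10.23 DST=203.0.113.44 PROTO=TCP SPT=1044 DPT=25
Jul 12 18:40:02 fw kernel: EGRESS-DROP: IN=eth1 OUT=eth0 SRC=192.168.10.23 DST=198.51.100.80 PROTO=TCP SPT=1045 DPT=25
Jul 12 18:41:10 fw kernel: EGRESS-DROP: IN=eth1 OUT=eth0 SRC=192.168.10.40 DST=203.0.113.9 PROTO=TCP SPT=2210 DPT=25
Jul 12 18:41:30 fw kernel: EGRESS-DROP: IN=eth1 OUT=eth0 SRC=192.168.10.23 DST=203.0.113.9 PROTO=TCP SPT=1050 DPT=443
Jul 12 18:42:00 fw kernel: EGRESS-DROP: IN=eth1 OUT=eth0 SRC=192.168.10.61 DST= PROTO=TCP SPT=3001 DPT=25
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def blocked_smtp_by_host(log_text):
    """Map each LAN workstation to the outside hosts it tried to reach on tcp/25."""
    attempts = defaultdict(set)
    for line in log_text.splitlines():
        if "EGRESS-DROP" not in line:
            continue
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed log line
        # The MTA is the only host allowed to speak SMTP to the Internet.
        if src in LAN and src != MTA and dst not in LAN:
            attempts[str(src)].add(str(dst))
    return attempts

def suspected_mass_mailers(log_text, threshold=THRESHOLD):
    """Hosts that were blocked sending SMTP to at least `threshold` outside servers."""
    hits = blocked_smtp_by_host(log_text)
    return sorted(h for h, dsts in hits.items() if len(dsts) >= threshold)

if __name__ == "__main__":
    for host in suspected_mass_mailers(SAMPLE_LOG):
        print(host, "blocked SMTP to several outside hosts; check for a mass mailer")
```

A single blocked attempt, like the one from 192.168.10.40 in the sample, usually points to a mail client configured with an outside server rather than to malware, which is why the check counts distinct destinations.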