Firewall Wizards mailing list archives
Re: "firewalls are obsolete" rant
From: Brian Loe <knobdy () gmail com>
Date: Thu, 2 Feb 2006 09:05:49 -0600
On 2/2/06, Paul Melson <pmelson () gmail com> wrote:
Except if they're local admin, they can definitely change that. And unless you've fully investigated the issue, I'd wager you've got at least a couple of people using MSN to talk outside your network. Feel free to use my one-off Snort rule to check and see:
It's monitored, the only off-network IMing that goes on goes over the link I'm on now, a separate DSL Internet connection. As for being local admins, I'm not in charge of systems here (or anything else) so...yes, sadly, everyone is a local admin. I haven't yet heard their justification for this but I'll almost guarantee it's the lazy desktop group that doesn't want to be bothered with how to make such-and-such-app run without local admin rights (probably never even tried power user).

As for the user, even with local admin rights, changing the behaviour of MSN IM - I don't see how. I've only played around with it a little, but most of those configuration options are not available (directly anyway), probably as defined in a group policy. Even a local admin has to play by the rules if he wants to be in the domain.

And, when I WAS in charge of the systems (servers and desktops) I didn't allow users to be local admins. If there was an app that seemed to need it, it was investigated. If it absolutely could not be done it was either scrapped for something else or placed on a dedicated machine with limited access (the one POS app we had there that could not be run as a user didn't need network access so it didn't get any).
The argument for IRC that prevailed here boiled down to "it's the only way to communicate with X." To which, several people responded, "Should we rely on them, then, if we can't call or e-mail them?" And somehow it was concluded that we should because according to someone, X was the only party that could provide what we were looking for. Not our finest hour, but not a disaster, either.
I don't find any of the reasons given in this thread valid, but I know how it goes too. Surely this can be mitigated easily though, with a local server or controlled, centralized client or something. I haven't personally used IRC for anything for a very long time. Most vendors have web-based forums and I belong to a lot of lists - if those and google can't help me I'm just screwed...which I still prefer to IRC. :)