Slashdot Mirror


Changes in the Network Security Model?

Kaliban asks: "As a Sysadmin, understanding network security is clearly an important part of my skill set, so I wanted to get thoughts on a few things that I've seen recently after some discussions with co-workers. Are network services becoming so complicated that application level firewalls (such as ISA Server) are absolutely necessary? Is the simple concept of opening and closing ports insufficient for networking services that require the client and server to open multiple simultaneous connections (both incoming and outgoing)? This leads me to my next question: has the paradigm of 'if you offer external services to the Internet then place those machines onto a perimeter network' been eroded? Are application level firewalls sophisticated enough to allow machines on your internal network to advertise services to the Internet? When is it alright to 'poke a hole in the firewall' to allow this? Personally, I think the answer is 'Never!' but perhaps I'm out of touch with current network security models."


  1. Being a BOFH when it's not SECURITY'S interest... by StarKruzr · Score: 0, Flamebait

    ... is a "bad thing."

    For Chrissake, lighten the hell up. Work is boring. There's a lot of people out there who are extremely overqualified for their jobs who could do them in their sleep, but cannot find anything more challenging because the market sucks.

    Can you blame them for wanting to IM/surf? As long as this behavior doesn't expose the organization to network security holes (sorry, but exchange of text doesn't cut it), what is the BFD?

    Rather than make blanket statements of "if it isn't absolutely NECESSARY to be on, it's off," why don't we actually do our jobs as sysadmins and actually investigate whether or not a given service will cause problems when being used?

    --

    +++ATH0