Changes in the Network Security Model?
Kaliban asks: "As a Sysadmin, understanding network security is clearly an important part of my skillsets so I wanted to get thoughts on a few things that I've seen recently after some discussions with co-workers. Are network services becoming so complicated that application level firewalls (such as ISA Server) are absolutely necessary? Is the simple concept of opening and closing ports insufficient for networking services that require the client and server to open multiple simultaneous connections (both incoming and outgoing)?This leads me to my next question: has the paradigm of 'if you offer external services to the Internet then place those machines onto a perimeter network' been eroded? Are application level firewalls sophisticated enough to allow machines on your internal network to advertise services to the Internet? When is it alright to 'poke a hole in the firewall' to allow this? Personally, I think the answer is 'Never!' but perhaps I'm out of touch with current network security models."
I would just like to add to this that any firewall should block access from niggers. All niggers do is break stuff and steal, so you really don't want them on your network at all.
slashdot used Windows Server 2003.
Take that you linux freaks!!!
since your so smart why dont you answer his question
Wow, you sort of sound like a jerk. Maybe you should contribute some of your considerable intellect (at least from your point of view) and help someone out.
Wow, you must be fat.
Well, I don't know about you. But personally I find that the best way to control users (lusers in a more correct terminology) is to practice a reign of random terror.
I have developed a program that randomizes my luser responses. I can adjust the quotent of good vs bad responses based on a numerical seed that is modified based on how irritating I find their voice on the phone.
The luser:
"Oh, I need to get some files of my home computer! I wanto I wanto. I am to good for mere floppies!"
My response:
1. "OK, I have it all set up and ready to go."
2. "No I cannont allow that."
3. "No you can't you f***ing numbnut" Then make the wallpaper a rather colorful example of hardcore japanese scat porn. Plant a well know virus on their laptop. Then call security that this person was making terroristic threats on my person and my family.
4. Make terroristic threats on that person and his family. And send "Tino" down to break there left leg.
You see you have to keep them on their toes. Like the little sheep they are you just have to keep them realing like a drunk salior fighting a 250 pound rotweiler.
Your their best friend one minute. A nightmare from the depths of hell the next.
That way they know they can get favours from you, but will never be strong enough to group up and usurp you.
... is a "bad thing."
For Chrissake, lighten the hell up. Work is boring. There's a lot of people out there who are extremely overqualified for their jobs who could do them in their sleep, but cannot find anything more challenging because the market sucks.
Can you blame them for wanting to IM/surf? As long as this behavior doesn't expose the organization to network security holes (sorry, but exchange of text doesn't cut it), what is the BFD?
Rather than make blanket statements of "if it isn't absolutely NECESSARY to be on, it's off," why don't we actually do our jobs as sysadmins and actually investigate whether or not a given service will cause problems when being used?
+++ATH0