[55335] in North American Network Operators' Group
Re: management interface accessability (was Re: Worm / UDP1434)
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Mon Jan 27 15:10:11 2003
Date: Mon, 27 Jan 2003 20:07:25 +0000 (GMT)
From: "Christopher L. Morrow" <chris@UU.NET>
To: <alex@yuriev.com>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.10.10301271453530.30768-100000@s1.yuriev.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 27 Jan 2003 alex@yuriev.com wrote:
>
> > > their computers on 24x7. They may be infected, and will fire up their
> > > VPN tunnels Monday morning. This may introduce the worm into the chewy
> > > center of many corporate networks. Hopefully folks have put the proper
> > > filters in place on their VPN access points.
> >
> > Wait, but isn't your corporate network 'secure' cause its got a super kewl
> > firewall infront of it??
>
> The problem is not firewall. The firewall is a tool to implement a security
> policy. If the security policy is wrong, a firewall wont help you. In fact,
> the best demonstration of a firewall is a Cat5 cable. Working cable is a
> firewall with Allow:Any security policy. Cut in two, the cable is a firewall
> implementing Allow:None security policy.
I forgot my smilies in the original post... it was a joke... I'll try not
to do that again.
