Port blocking
Aldo Cortesi
aldo at nullcube.com
Mon Jan 10 20:47:36 EST 2005
Thus spake Steve Holden (steve at holdenweb.com):
> I teach the odd security class, and what you say is far
> from true. As long as the service is located behind a
> firewall which opens up the correct holes for it, it's
> most unlikely that corporate firewalls would disallow
> client connections to such a remote port.
Don't be too sure about that - most of the well-run
corporate networks I have been involved with block outbound
traffic by default. It is certainly sound security policy to
shunt outbound traffic through intermediary servers (e.g.
SMTP) and proxies (e.g. HTTP and FTP) so that it can be
logged, monitored, tracked, and controlled.
This is the strategy I recommend to my clients - the only
sensible one in a world of spyware, worms, insecure web
browsers and corporate espionage...
Cheers,
Aldo
--
Aldo Cortesi
aldo at nullcube.com
http://www.nullcube.com
Off: (02) 9283 1131
Mob: 0419 492 863
More information about the Python-list
mailing list