FC3 Security
Aleksandar Milivojevic
amilivojevic at pbl.ca
Wed Mar 9 15:27:50 UTC 2005
Rick Bilonick wrote:
> Here are some additional details. The local IT for the data center has
> no central firewall. Each computer is on it's own and has to run a
> firewall. (The data center could use a firewall but it would have to be
> maintained by the university - and the data center doesn't want to have
> to deal with the university running a firewall for them.) Also, all the
> printers are available to anyone who knows their IP address - they don't
> sit behind any firewall. (This is SOOOO different from my previous
> position in the corporate world where all the computers and printers
> were behind a firewall.)
This sounds so much like university setting. Everything wide open. And
so much rules that are setup for sole purpose of having excuses if/when
something goes wrong. Releying on only end-machine firewalls that any
user can turn off with a click of a mouse first time something doesn't
work. That's ridicilous. A single departmental firewall would make
their network so much more secure, than all the rules you described so
far. But then, running firewall requires some knowledge. Making rules
that are ment only to cover your ass doesn't require any real technical
knowledge ;-)
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
More information about the fedora-list
mailing list