RE: Microsoft to ship new versions with firewall enabled

North American Network Operators Group

RE: Microsoft to ship new versions with firewall enabled

From: JC Dill
Date: Thu Aug 14 14:56:16 2003

At 10:00 AM 8/14/2003, Daniel Senie wrote:

At 12:39 PM 8/14/2003, Matthew Watkins wrote:

Apple have the right idea... I'd say all the vendors need to take a
carefully balanced approach to security in the default configurations of
their software. Leave services exposed to the network disabled by default,
where possible.

By all means, configure firewalls by default to block all non-established
incoming connections to low port numbers, but for heaven's sake don't also
block access to those ports from the local subnet as well.

Define "local subnet."

Go sit in a Starbucks and use Wifi. Is the person at the next table, or sitting on the bench outside with their laptop considered on the "local subnet?" Do you trust that person?

Hold on a second, and let me ask him.  :-)

This is just an example of how a policy like the one you suggest can be dangerous.

He said "What's a subnet?"

heh

jc

Follow-Ups:
- East Coast outage? Aaron D. Britt

References:
- RE: Microsoft to ship new versions with firewall enabled Matthew Watkins
- Re: Microsoft to ship new versions with firewall enabled Eric A. Hall
- RE: Microsoft to ship new versions with firewall enabled Daniel Senie

Prev by Date: Re: Private port numbers?
Next by Date: Re: Microsoft to ship new versions with firewall enabled
Date Index
Thread Index
Author Index
Historical