|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Block all servers?
On Fri, Oct 10, 2003 at 08:07:05PM -0600, Adam Selene wrote: > IMHO, all consumer network access should be behind NAT. -snip- > As for plug-in "workgroup" networking (the main reason why > everything is open by default), when you create a Workgroup, > it should require a key for that workgroup and enable shared-key > IPSEC. These two requirements are mutually exclusive outside of a LAN environment, and if you're on a LAN, why require IPSEC? Filtering or NAT do not protect you from bad implementation or bad protocol design. Penalizing users that need (and will pay) for reasonably accessible two way communication is not the answer, and never will be. --msa
|