|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Block all servers?
Adam Selene wrote: IMHO, all consumer network access should be behind NAT.First of all, this would block way too many uses that currently actually sell the consumer network connections. "I recommend my competition to do this" Secondly, it�s very hard, if impossible to come up with a NAT device which could translate a significant amount of bandwidth. Coming up with one to put just a single large DSLAM behind is tricky. (OC-12 level of bandwidth) NAT devices which do OC12 or near don�t come cheap either. This is (fortunately) not a cost you can sink to the customer as added value. "Because we lack clue and technology, we just block you for anything and make you pay for it". However, the real solutions is (and unfortunately to the detrimentDon�t underestimate the painfully slow rate of change in widely deployed systems. There is a lot of software out there which dates back 15 years or more. Can you afford to wait even five? Hardly any of the issues we see today would go away if such an API would be enforced on the applications because the issues are due to the legitimate applications legitimately talking to the network with permission. As for plug-in "workgroup" networking (the main reason whyThis is not a bad idea at all. Make sure to save a copy of this message in case somebody tried to patent this. Currently Windows 2000 can be configured to be extremely secure without any additional software. Unfortunately you must have a *lot* of clue to configure the Machine and IP security policies it provides. The box should have a sticker "needs a resident computer mechanic" :) Pete
|