North American Network Operators Group

Re: Block all servers?
> Unfortunately there are enough protocols and applications
> which don't work well behind a NAT that deploying this on
> a large scale is not practical.

It already is deployed upon a large scale. When I had @Home in Seattle (one of the first subscribers), I had a 10.x address. Here in Costa Rica, broadband (cable modem) connections for the entire country are behind NAT.

> Also what about folks who need to VPN in to their office
> (either via PPTP or IPSEC)? How would you take care of that
> situation?

I use IPSEC and it works fine behind NAT.

> Unfortunately something like this would make the PC close to
> useless which is not the intent of the software provider. Thus
> you see everything open, security be damned.

No. You default open the common and popular internet ports for outbound, and 90% of users never use anything else.

>> As for plug-in "workgroup" networking (the main reason why
>> everything is open by default), when you create a Workgroup,
>> it should require a key for that workgroup and enable shared-key
>> IPSEC.
>
> And joe user will understand this because.....

That's the point, he doesn't have to. A "workgroup" becomes a name + a key/passphrase instead of just a name. What that accomplishes is completely hidden.

Adam