> Again, but why does it talk to the outside world unsupervised? Your
> organization clearly has a border that separates its internal systems
from
> external ones. Why not apply those restrictions on *those* borders?
From inside the organisation to outside, yes, ish. Except all those SSL
sites
on random port numbers. And other protocols which use random port numbers
(not just peer-to-peer, but also things like FTP, etc).But, we were talking about end-user connected into the inside network using
a VPN. That user needs to have pretty much unfettered access to the
business parts of your internal network. (Okay, mission critical stuff
should be seperately firewalled, but MS makes that hard enough, due to
things like Active Directory, where everything needs to talk to
everything).
and don't forget the fact that nearly every M$ service pack/'critical'
update changes what ports that program is using (exchange/outlook are
really bad about this)
joshua
Simon
--
Simon Lockhart | Tel: +44 (0)1628 407720 (BBC ext 37720)
Technology Manager | Fax: +44 (0)1628 407701 (BBC ext 37701)
BBC Internet Services | Email: Simon.Lockhart@bbc.co.uk
BBC Technology, Maiden House, Vanwall Road, Maidenhead. SL6 4UB. UK
"Walk with me through the Universe,
And along the way see how all of us are Connected.
Feast the eyes of your Soul,
On the Love that abounds.
In all places at once, seemingly endless,
Like your own existence."
- Stephen Hawking -