Security of National Infrastructure

Mailman List Mirror (Read Only)
1

Why is it that every company out there allows connections through their
firewalls to their web and mail infrastructure from countries that they
don't even do business in. Shouldn't it be our default to only allow US
based IP addresses and then allow others as needed? The only case I can
think of would be traveling folks that need to VPN or something, which
could be permitted in the Firewall, but WHY WIDE OPEN ACCESS? We still
seem to be in the wild west, but no-one has the b@lls to be braven and
block the unnecessary access.

2

Why is it that every company out there allows connections through their
firewalls to their web and mail infrastructure from countries that they
don't even do business in. Shouldn't it be our default to only allow US
based IP addresses and then allow others as needed? The only case I can
think of would be traveling folks that need to VPN or something, which
could be permitted in the Firewall, but WHY WIDE OPEN ACCESS? We still
seem to be in the wild west, but no-one has the b@lls to be braven and
block the unnecessary access.

Please don't feed the troll...

All those meandering replies full of jokes,
puns, political comments and smart remarks
do feed the trolls. But a straightforward
answer is not troll feeding.

The fact is that all those companies out
there are PUBLISHING information on their
web servers. In order to PUBLISH you must
open access to arbitrary members of the
PUBLIC. These companies also publish email
addresses and invite people to send them
email. In order for this email to get through
they have to open their incoming mail servers
to anyone.

This does not mean that their mail infrastructure
or web infrastructure is wide open. In most cases
only an HTTP load balancer and an incoming-only
SMTP server will be accessible directly.

If anyone knows of a significant number of companies
where this is not the case then I think you have
found a potential market for some consultancy
services. Rather than whining on NANOG, it would be
more productive to find a salesperson to help you
get your foot in the door and fix the problems.

--Michael Dillon