North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Block all servers?
- From: Majdi S. Abbas
- Date: Sat Oct 11 02:48:56 2003
On Fri, Oct 10, 2003 at 08:07:05PM -0600, Adam Selene wrote:
> IMHO, all consumer network access should be behind NAT.
-snip-
> As for plug-in "workgroup" networking (the main reason why
> everything is open by default), when you create a Workgroup,
> it should require a key for that workgroup and enable shared-key
> IPSEC.
These two requirements are mutually exclusive outside
of a LAN environment, and if you're on a LAN, why require IPSEC?
Filtering or NAT do not protect you from bad implementation
or bad protocol design. Penalizing users that need (and will pay)
for reasonably accessible two way communication is not the answer,
and never will be.
--msa
|
