[lug] Software demo through firewalls?

Glenn Murray gmurray at Mines.EDU
Fri May 24 10:11:54 MDT 2002


It's true that a lot of people think that if it's on port 80, it's OK;
which makes it my best shot, I suppose.  Disallowing all but port 80
is a poor man's firewall, but it does shift some of the burden to the
good folks at Apache.  I think it's true that port 80 is the most
scrutinized port, too, so it cuts both ways.  Firewalls are mostly
custom jobs, when they exist, so there is no uniform answer.

Cheers,
Glenn Murray
http://www.mines.edu/~gmurray

On Fri, 24 May 2002, Michael D. Hirsch wrote:

> Shannon Johnston writes:
>  > Well, as a corporate FW admin I can offer my input.
>  >
>  > There are really 2 options that the corporations have in their fw rules.
>  > One is that they will allow outbound traffic from their networks on any
>  > port and accept the return traffic as long as it matches a stateful
>  > connection.
>  > The other is that they proxy all outbound connections and severely limit
>  > the privileges of the employees. The proxy would filter ALL traffic,
>  > most likely limit it to port 80 HTTP traffic, and then disallow certain
>  > packets for violation of network usage policy.
>
> These may be the only rational options, but that isn't to say they are
> the only ones in use.  My previous company blocked all ports but 80.
> I believe they let everything out port 80.  There was no proxying.
>
> Was this rational?  Perhaps not.  But it is what they did, and I think
> it is not so uncommon.
>
> --Michael