[unisog] Appropriate University/Internet blocks

jef moskot jef at math.miami.edu
Thu Jun 17 09:58:17 GMT 2004


On Thu, 17 Jun 2004, Russell Fulton wrote:
> Over the last ten years I have steadily cut down the *default* incoming
> access that machine and now it is nothing.

You mention that what you've done is quite extreme, but it sounds totally
logical to me.  We do a similar thing and have had no problems.

The simple fact is that the vast majority of machines do not need to be
accessed directly from the outside world.  And, if there is a legit
reason, as long as the system in place that allows for exceptions is
efficient and flexible, I don't see anyone having a reasonable beef with
this.

As you said, the issues are political, not technical, but as long as
everyone is kept in the loop and it is made quite clear that all that is
necessary to bypass the security measures is to ask, then everyone
involved can feel like they're working together to protect the network.

If everyone doesn't have warm fuzzies about the way the system is
implemented, there is going to be trouble, but we didn't have that here.
Initially there was some outcry, but once everyone realized that it wasn't
preventing them from doing anything they wanted to do, there have actually
been suggestions to INCREASE the security...such as locking down outgoing
SMTP traffic.  By default, of course.

Jeffrey Moskot
System Administrator
jef at math.miami.edu



More information about the unisog mailing list