[SATLUG] Blocked ports on college campus
brad at shub-internet.org
Tue Oct 21 15:44:09 CDT 2008
Jon Mark Allen wrote:
> of course. with that argument, though, why not just remove all
> firewalls and give everyone unfettered access to all your internal
> servers, too? After all, they're going to get in anyway, right?
We block inbound traffic to our servers from most networks, except for
certain ports. But this doesn't keep people from getting outside of our
And there are all sorts of IDS and IPS systems that are in use on our
networks, of which I only know a small fraction. The users have to know
that there's a certain amount of monitoring going on, because they do
occasionally get nailed.
> There is *always* a way. It's the admin's job to make it harder.
> Hopefully hard enough that any miscreants will try someone else's
> network instead.
What you really need to make sure that they know is not that they will be
prevented, but that they will be detected, caught, and prosecuted if they
participate in certain types of illegal activity.
As an educational institution, anything else should be generally allowed on
the public networks.
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
More information about the SATLUG