|
|
Le 2011-11-28 04:02, Invisible a écrit :
>>> To this day I have never yet seem a firewall which blocks *outbound*
>>> traffic. So I don't see why this would even be an issue.
>>>
>>
>> That's because you haven't seen many firewalls!
>>
>> At my current place of employment, there are three different layers of
>> firewalls between the user environment and the public Internet. not only
>> do each layer block unauthorized traffic in both directions, there isn't
>> even a default route out to the Internet. You need to talk to the proxy
>> server infrastructure, and it only accepts specific ports.
>>
>> And looking in the other direction, there are also firewalls between the
>> labs, UAT environments, and regular network, as well as protecting the
>> mainframes from the unwashed masses.
>>
>> For B2B extranets, it's even more prevalent. There, firewalls will
>> usually also be very strict in what they allow out, because the last
>> thing you want is a letter from the legal dept. of Boeing, NASA, or say,
>> the London Stock Exchange saying you are trying to infect their network
>> with bots.
>
> And you're seriously saying that somebody would go to all that trouble,
> and then allow arbitrary Internet traffic so long as it's on TCP port 80?
Where did I say that?
I did say that traffic has to go through a proxy before getting out,
didn't I? Since, as you point out, lots of thought went into designing
the various security zones and their respective security policies, one
can safely assume that a similar level of care went into designing the
proxy infrastructure. Of course URLs are filtered, pages scanned on the
fly, java applet signatures verified, etc...
If I'm really lucky, I'd be able to listen to some streaming radio site,
but my internet usage would probably be reported to my manager.
Thankfully, I work from home most of the time, so I don't have to worry
about losing my job because I spent a few minutes watching a Youtube video.
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|