Notes from meeting – 13 Aug 2009
- Complexity of rules
- Can be built automatically from database?
- 1000-10000 rules should be OK
- Should try to rationalize in terms of subnet
- Not currently easy
- Current border router is stateless and limited in functionality
- Unknown how many we will need
- Can be built automatically from database?
...
- Desktop machines?
- Generally need no incoming connections?
- What about services like Skype?
- What exactly do we mean by "desktop"
- Range from Taylored machines to Visitor laptops?
- Visitor network is already blocked for all incoming connections?
- Authorization of individual services unreasonable
- Need to allow some services on "desktop" machines.
- Possible to analyze what incoming connections?
- Yes but could be expensive – perhaps 2-3 FTE for 3-6 months
- More general questions can be desktop
...