
Notes from meeting – 13 Aug 2009

  • Complexity of rules
    • Can they be built automatically from the host database?
      • 1000-10000 rules should be OK
      • Should try to rationalize the rules in terms of subnets rather than individual hosts
        • Not currently easy
      • Current border router is stateless and limited in functionality
    • Unknown how many rules we will need
  • Possible that we can spend real money on a better firewall
    • At the border on all traffic (would need very expensive firewall)
    • Building routers?
  • IP address management proposal is being scoped
    • Not entirely clear how this would help (or hinder) port blocking
    • Eventual goal is to have routed VLANs
      • May require re-IPing a host when it moves from the 2nd floor to the 3rd floor
    • Eventually it may be possible to offer self-service system registration via the web
  • Desktop machines?
    • Generally need no incoming connections?
    • What about services like Skype that expect incoming connections?
    • What exactly do we mean by "desktop"?
    • Ranges from tailored, centrally managed machines to visitor laptops
    • Visitor network is already blocked for all incoming connections?
  • Authorization of individual services is unreasonable
    • Need to allow some services on "desktop" machines.
  • Possible to analyze what incoming connections are actually in use?
    • Yes, but could be expensive – perhaps 2-3 FTE for 3-6 months
    • More general questions can be desktop
  • No-questions-asked policy for exceptions.
    • Would be at least better than what we have now
    • Exceptions could be renewed each year
  • Need to survey user base
  • Outgoing connections also to be blocked?
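Added example, not part of the original meeting notes: the notes ask whether the rules can be built automatically from a database and whether they can be rationalized in terms of subnets. The script below takes a constructed host database (hypothetical addresses, subnets and port sets chosen for illustration) and emits iptables-style INPUT rules with a default deny, first one rule per host and port, then a rationalized set that merges hosts with the same inbound policy into CIDR blocks (and, optionally, into one rule per subnet when every known host in that subnet shares a policy). It also expands both rule sets back into (address, port) pairs so you can check that the rationalized rules accept exactly what the per-host rules accept. The rule syntax is iptables-like text only; nothing is applied to a firewall.

```python
"""Build inbound firewall rules from a host database and rationalize them by subnet.

Added example (not the page's own tooling). The host database, subnets and
port numbers below are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Constructed sample "database": (host IP, subnet the host sits in, allowed inbound TCP ports).
# Hosts 10.1.4.x play the role of "desktops": no inbound traffic except one
# hypothetical peer-to-peer service on an arbitrarily chosen port.
HOST_DB = [
    ("10.1.2.10", "10.1.2.0/24", frozenset({22})),
    ("10.1.2.11", "10.1.2.0/24", frozenset({22})),
    ("10.1.2.12", "10.1.2.0/24", frozenset({22})),
    ("10.1.2.13", "10.1.2.0/24", frozenset({22})),
    ("10.1.3.20", "10.1.3.0/24", frozenset({22, 443})),
    ("10.1.3.21", "10.1.3.0/24", frozenset({22, 443})),
    ("10.1.3.22", "10.1.3.0/24", frozenset({80})),
    ("10.1.4.5", "10.1.4.0/24", frozenset()),        # desktop: nothing inbound
    ("10.1.4.6", "10.1.4.0/24", frozenset({40000})),  # desktop with one exception
]


def _accept(dest, port):
    return f"-A INPUT -p tcp -d {dest} --dport {port} -j ACCEPT"


def per_host_rules(db):
    """Naive generation: one ACCEPT per (host, port), then a default DROP."""
    rules = [_accept(ip, port) for ip, _subnet, ports in db for port in sorted(ports)]
    rules.append("-A INPUT -j DROP")
    return rules


def rationalized_rules(db, subnet_wide_ok=False):
    """Merge hosts that share a policy into CIDR blocks, one ACCEPT per (block, port).

    With subnet_wide_ok=True a subnet whose known hosts all share one policy gets a
    single rule for the whole subnet. Caveat: that is only safe if the database is
    authoritative for the subnet, because unregistered addresses in it would inherit
    the allow; the default keeps rules to the listed hosts only.
    """
    by_subnet = defaultdict(list)
    for ip, subnet, ports in db:
        by_subnet[subnet].append((ipaddress.ip_network(ip), ports))  # /32 networks

    rules = []
    for subnet in sorted(by_subnet, key=ipaddress.ip_network):
        hosts = by_subnet[subnet]
        policies = {ports for _net, ports in hosts}
        if subnet_wide_ok and len(policies) == 1:
            rules.extend(_accept(subnet, port) for port in sorted(next(iter(policies))))
            continue
        by_policy = defaultdict(list)
        for net, ports in hosts:
            by_policy[ports].append(net)
        for ports, nets in sorted(by_policy.items(), key=lambda kv: sorted(kv[0])):
            # collapse_addresses merges adjacent /32s into the largest aligned prefixes
            for block in ipaddress.collapse_addresses(nets):
                rules.extend(_accept(block.with_prefixlen, port) for port in sorted(ports))
    rules.append("-A INPUT -j DROP")
    return rules


def allowed_pairs(rules):
    """Expand ACCEPT rules back into (address, port) pairs so two rule sets can be compared."""
    pairs = set()
    for rule in rules:
        if not rule.endswith("ACCEPT"):
            continue
        fields = rule.split()
        net = ipaddress.ip_network(fields[fields.index("-d") + 1])
        port = int(fields[fields.index("--dport") + 1])
        pairs.update((str(addr), port) for addr in net)
    return pairs


if __name__ == "__main__":
    naive = per_host_rules(HOST_DB)
    merged = rationalized_rules(HOST_DB)
    print(f"per-host rules: {len(naive)}, rationalized: {len(merged)}")
    print("\n".join(merged))
    # Equivalence check: the merged set must accept exactly the same (host, port) pairs.
    print("equivalent:", allowed_pairs(naive) == allowed_pairs(merged))
```

At 1000-10000 hosts the same equivalence check is what you want before loading a generated rule set onto the border router: it catches a merge that silently widened a block, which is the failure mode the subnet-wide option makes easy.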