Notes from meeting – 13 Aug 2009
- Complexity of rules
  - Can be built automatically from database?
  - 1000-10000 rules should be OK
  - Should try to rationalize in terms of subnet
- Current border router is stateless and limited in functionality
  - Unknown how many we will need
  - Possible that we can spend real money on a better firewall
  - At the border on all traffic (would need very expensive firewall)
  - Building routers?
- IP address management proposal is being scoped
  - Not entirely clear how this would help (or hinder) port blocking
  - Eventual goal is to have routed VLANs
  - May require re-IPing a host when moving from 2nd floor to 3rd floor
  - Eventually may be possible for self-service system registration via web
- Desktop machines?
  - Generally need no incoming connections?
  - What about services like Skype?
  - What exactly do we mean by "desktop"?
    - Range from tailored machines to visitor laptops?
  - Visitor network is already blocked for all incoming connections?
  - Authorization of individual services unreasonable
  - Need to allow some services on "desktop" machines
  - Possible to analyze what incoming connections are actually used?
    - Yes, but could be expensive – perhaps 2-3 FTE for 3-6 months
  - More general questions can be desktop
- No questions asked policy for exceptions
  - Would be at least better than what we have now
  - Could be renewed each year
- Outgoing connections also to be blocked?
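Added example (not from the meeting, and not code from any system these notes describe) showing how the points above could fit together in one rule generator: rules built from a registration database, summarized by subnet, a default deny for desktops and the visitor network, and "no questions asked" desktop exceptions that lapse unless renewed. The registration table, the host classes, the addresses and the Cisco-like output notation are all assumptions.

```python
"""Generate border ACL lines from a host registration table.

Hypothetical throughout: the registration database is assumed to export rows of
(address, class, allowed inbound TCP ports, exception expiry); classes are
"server", "desktop" and "visitor"; the output is a simplified Cisco-like
notation using prefix lengths instead of wildcard masks.
"""
import ipaddress
from collections import defaultdict
from datetime import date

# Constructed sample rows standing in for the registration database.
REGISTRATIONS = [
    ("192.0.2.10", "server", {22, 80, 443}, None),
    ("192.0.2.11", "server", {22, 80, 443}, None),
    ("192.0.2.12", "server", {22, 80, 443}, None),
    ("192.0.2.20", "desktop", set(), None),               # default: nothing inbound
    ("192.0.2.21", "desktop", {3389}, date(2010, 8, 13)),  # one-year exception
    ("192.0.2.22", "desktop", {3389}, date(2009, 6, 1)),   # exception not renewed
    ("198.51.100.5", "visitor", {22}, None),               # visitor net: always blocked
]


def effective_ports(cls, ports, expires, today):
    """Apply the class policy from the notes: visitors get no inbound
    connections, desktops only while an exception is current, servers
    whatever is registered."""
    if cls == "visitor":
        return frozenset()
    if cls == "desktop" and (expires is None or expires < today):
        return frozenset()
    return frozenset(ports)


def build_rules(rows, today):
    """Return the ACL as a list of lines.

    Hosts with the same effective port set are summarized with
    ipaddress.collapse_addresses, which only merges addresses into a prefix
    they cover exactly (e.g. .10 and .11 -> .10/31), so a subnet rule never
    permits an address that is not registered.
    """
    by_ports = defaultdict(list)
    for addr, cls, ports, expires in rows:
        eff = effective_ports(cls, ports, expires, today)
        if eff:
            by_ports[eff].append(ipaddress.ip_network(addr))

    rules = []
    for ports in sorted(by_ports, key=sorted):
        for net in ipaddress.collapse_addresses(by_ports[ports]):
            for port in sorted(ports):
                rules.append(f"permit tcp any {net.with_prefixlen} eq {port}")

    # The border router is stateless, so replies to connections that hosts
    # opened outbound must be matched explicitly (packets with ACK or RST set),
    # which is what "established" means in this notation.
    rules.append("permit tcp any any established")
    rules.append("deny ip any any")
    return rules


def rules_on(rows, iso_day):
    """Build the ACL as of a date given as 'YYYY-MM-DD'."""
    return build_rules(rows, date.fromisoformat(iso_day))


def unsummarized_count(rows, today):
    """Rule count if every host got its own lines, for comparison."""
    return sum(len(effective_ports(c, p, e, today)) for _, c, p, e in rows) + 2


if __name__ == "__main__":
    today = date(2009, 8, 13)
    for line in build_rules(REGISTRATIONS, today):
        print(line)
    print(f"# {unsummarized_count(REGISTRATIONS, today)} lines without summarization")
```

Two design points worth noting. Summarizing with exact prefix coverage is deliberately conservative: a cruder "one permit per /24" would also admit every unregistered address in that subnet, which defeats the point of building the rules from the database. And because an expired exception simply drops out at the next regeneration, the annual renewal in the notes needs no separate revocation step; the cost is that the generator has to be re-run on a schedule, not only when the database changes.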