I have been reading the firewall-list for some time now and find it very usefull. But there is one discussion I have not seen on this list, and that is;
Should you restrict users on the internal network to communicate to the Internet?
We've installed a firewall that works two ways. We consider the internal network
as save (or unsave) as the Internet. So every connection that originates from within the internal network has to go through our firewall as well.
This creates an extra checkpoint! If someone should compromise a system on our internal network and want's to hop to another network he'll be blocked and/or noticed by our firewall.
Beside this question I have a more general question on security as well;
What risks are to be considered when a PC on the internal network can make unrestricted connections to the internet?
I need some arguments to use in defending our point of view regarding our firewall concept.
_/_/_/ _/ _/ _/ _/_/ _/_/Rens Schipper EMAIL:rens @
_/ _/ _/ _/ _/ _/ _/_/ _/Network Management and Facilities (BNF)
_/_/_/ _/ _/ _/ _/ _/ _/National Institute Of Public Health And
_/ _/ _/ _/_/ _/ _/Environmental Protection(RIVM), The Netherlands,
_/ _/ _/ _/ _/ _/PO box 1, 3720 BA, BILTHOVEN, tel:3130-743123