Marcus J Ranum <mjr @
> However, as you say, many are just
> beginning to feel their way in this environment, and it's
> important to try to maintain a balanced view. I say this because
> he's probably just making life more difficult for everyone. A
> number of the more moderate among us will now probably have to
> do some damage control to try to rationally explain his views
> in terms of the larger context. It's often been a source of
> frustration to me when I run into the kind of brain-viruses
> that such lecturers give their students - having to explain,
> for example, to a customer why outlawing ALL UDP (including DNS)
> is not a great idea, in spite of the fact that the "expert" said "ALL
> UDP IS EVIL."
Marcus, as usual you are right on the button!! However, I sympathise with the 'lecturers' to a degree. I do a bit in that line myself and am continually amazed that I can say, for example, "You should ask yourself 'Do I really need this?' for every UDP protocol that you want to enter your network/firewall". A number of students will interpret this as either "ALL UDP is bad", or "All UDP is good". A very small minority will actually get the message that configuring a firewall is about risk assessment and management.
What I am trying to say is that whilst there are a lot of guys walking around with tall hats and spurs invading this business, there are also a lot of guys who wouldn't know the difference between an IP Datagram and a telnet option negotiation making decisions on the user side. It may not be bad information out of the mouth of the lecturer, but poor understanding on the part of the listener (with apologies to the guy who posted the original question).