> I prefer to reduce this problem to a more generic statement
> of principle: "The greatest risk is your users." I solve that problem
> by throwing them all off my firewall completely. That way I have
> exactly 2 passwords I need to worry about, no worries about .rhosts
> or any nonsense like one of my users deciding to fire up IRC.
I agree completely. It is much easier to maintain proper security if
general access to the firewall is eliminated.
We are currently utilizing the cisco router ip filtering in addition to
the screend provided by Digital with Ultrix. Unfortunately this daemon
is working too well, filtering occasional smtp traffic it should
allow. If anyone has encountered similar problems, please let me
Jim Littlefield <little @