We are in the planning stages of implementing a firewall, starting with a site
policy to determine the extent our users want to be protected, and thus to
what extent we'll be able to enforce such a policy.
One of the biggest concerns we have is the fact that several users (our users
are mainly scientists who bring money into the Institution so we don't tell
them what to do, for the most part) are insisting that they continue to be
allowed to do NFS mounts and run X-windows across our Internet link, and thus
thru our firewall.
I would like to know if other sites have run into this and how they handled it.
Did you develop policy that simply stated NO you cannot run these applications
thru the firewall because of the risk, or did you allow such traffic and just
monitor the connections?
Are there perhaps better alternates of carrying out their tasks in collaboration
with other scientists that would preclude the use of NFS and X that we could
suggest they look into?
Thanks in advance for any ideas/comments.
Michael Pare', PE