Security of National Infrastructure

> Why is it that every company out there allows
connections through their
> firewalls to their web and mail infrastructure from
countries that they
> don't even do business in. Shouldn't it be our default
to only allow US
> based IP addresses and then allow others as needed? The
only case I can
> think of would be traveling folks that need to VPN or
something, which
> could be permitted in the Firewall, but WHY WIDE OPEN
ACCESS? We still
> seem to be in the wild west, but no-one has the blls to be
braven and
> block the unnecessary access.

maybe because those godless communist sexually deviant
vicious perverts
out there in the rest of the world are damned hard to
differentiate from
the sexually deviant vicious perverts we have in our
government?

and there money is still good.  you may want to look at the
balance of
trade and worry about the opposite flow.

sheesh!

randy

>  > Why is it that every company out there allows
connections through their
>>  firewalls to their web and mail infrastructure
from countries that they
>>  don't even do business in. Shouldn't it be our
default to only allow US
>>  based IP addresses and then allow others as
needed? The only case I can
>>  think of would be traveling folks that need to VPN
or something, which
>>  could be permitted in the Firewall, but WHY WIDE
OPEN ACCESS? We still
>>  seem to be in the wild west, but no-one has the
blls
to be braven and
>  > block the unnecessary access.

Most people inherently know the answer to this, but I figure
I might 
as well answer the question since it was asked.

It is the way it is, because the internet works when it's
open by 
default, and closed off carefully. (blacklists, and the
such)   Would 
email have ever taken off if it were based on white lists of
approved 
domains and or senders? Sure, it might make email better NOW
(maybe?) 
but in the beginning?

Block the few bad apples, and generally allow everything
else by 
default.  (but allow it carefully)  It works for the web,
email, 
airport security, and society in general (mostly open,
free... unless 
you're a Bad Guy Criminal Type).

No one is smart enough to be a central planner, and know
where the 
bad is, all the time. And no one is smart enough to predict
who/where 
the "good" is.  That's why open by default (with
careful security to 
screen out the "bad") generally works the best. 
Chase down the 
"bad", and assume (correctly so) that the rest is
"good."

Same concept applies to why we have police that chase
criminals, 
rather than just throwing everyone in prison by default and
making 
them prove that they're worth of being free.


-Jerry

On Fri, 29 Dec 2006, Randy Bush wrote:
> > Why is it that every company out there allows
connections through their
> > firewalls to their web and mail infrastructure
from countries that they
> > don't even do business in. Shouldn't it be our
default to only allow US
> > based IP addresses and then allow others as
needed? The only case I can
> > think of would be traveling folks that need to VPN
or something, which
> > could be permitted in the Firewall, but WHY WIDE
OPEN ACCESS? We still
> > seem to be in the wild west, but no-one has the
blls
to be braven and
> > block the unnecessary access.
>
> maybe because those godless communist sexually deviant
vicious perverts
> out there in the rest of the world are damned hard to
differentiate from
> the sexually deviant vicious perverts we have in our
government?
>
> and there money is still good.  you may want to look at
the balance of
> trade and worry about the opposite flow.

I think the better answer is: "your network your
choices, my network my
choices"