[AG-TECH] Access Grid 3.0 beta1 available !
johnh at comp.leeds.ac.uk
Tue Jan 31 07:49:50 CST 2006
On Tue, 31 Jan 2006, Frank Sweetser wrote:
> As an employed network nazi myself, I think I can answer that =)
;) No offence to network nazis intended (I'm sometimes accused of being one
> The bigger the change (IOW, the more ports that have to be opened up), the
> greater the potential impact. Even if the ports are only opened up to an AG
> system, it still increases the exposure of that system, which if
> compromised, would allow an attacker to bypass the external firewall and
> attack other hosts directly.
Realistically, how many attacks come over UDP?
> Just remember that when you're asking for changes to make your access grid
> node work, the firewall admins have to also figure out if they're following
> the policies that get handed to them, and how it's going to affect every
> other machine on the network, not just yours. If you can go to them and
> explain about the application you're trying to use, what network resources
> need to be opened up, and *why* it's important enough to take time away from
> managing the steady flood of attackers, viruses and trojans, and monitoring
> critical stuff that handles things like payroll, as opposed to "Hey! You!
> Open these ports for me 'cause I said so!", you'll have much better results.
I agree, although sometimes it can be hard to put any case together that will
get results. We've had problems with collaborators (we thankfully have very
flexible policies here) because they'd have endless firewall problems.
"Science is a bit like the joke about the drunk who is looking under a
lamppost for a key that he lost on the other side of the street, because
that's where the light is. It has no other choice."
-- Noam Chomsky