North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Security of National Infrastructure
Most people inherently know the answer to this, but I figure I might as well answer the question since it was asked.> Why is it that every company out there allows connections through theirfirewalls to their web and mail infrastructure from countries that they don't even do business in. Shouldn't it be our default to only allow US based IP addresses and then allow others as needed? The only case I can think of would be traveling folks that need to VPN or something, which could be permitted in the Firewall, but WHY WIDE OPEN ACCESS? We still seem to be in the wild west, but no-one has the b@lls to be braven and> block the unnecessary access.
It is the way it is, because the internet works when it's open by default, and closed off carefully. (blacklists, and the such) Would email have ever taken off if it were based on white lists of approved domains and or senders? Sure, it might make email better NOW (maybe?) but in the beginning?
Block the few bad apples, and generally allow everything else by default. (but allow it carefully) It works for the web, email, airport security, and society in general (mostly open, free... unless you're a Bad Guy Criminal Type).
No one is smart enough to be a central planner, and know where the bad is, all the time. And no one is smart enough to predict who/where the "good" is. That's why open by default (with careful security to screen out the "bad") generally works the best. Chase down the "bad", and assume (correctly so) that the rest is "good."
Same concept applies to why we have police that chase criminals, rather than just throwing everyone in prison by default and making them prove that they're worth of being free.