This is the mail archive of the crossgcc@sources.redhat.com mailing list for the crossgcc project.

See the CrossGCC FAQ for lots more information.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: obtaining gcc3.0.1



>>Unfortunately I can not access the CVS repository (work won't open up any
>>ports on the firewall).
>
>  You could always take a baseball bat to your sysadmin.  That is taking
>security to a pointless level that merely impedes the users' work flow,
>impairs the functionality of the network, and doesn't provide any extra
>security unless your sysadmin believes his network to be infested with 
>backdoor trojans that might try to phone home on the port used by the CVS
>protocol, in which case he should be busy disinfecting the workstations 
>rather than trying to stop them opening outgoing connections.  Refusing to
>allow an outgoing connection from one well defined machine (yours) to one
>well defined remote server (gcc.gnu.org) on one specific port suggests that
>your sysadmin doesn't know what he's doing and isn't competent to evaulate
>the level of security risk posed by different network activities, or perhaps
>merely that he hasn't read the firewall manual and can't be bothered to.

Wow, sounds like someone didn't get their frosted flakes and caffeine
this morning :-) 

'Refusing to allow an outgoing connection from one well defined
machine to one well defined remote server on one specific port
suggests ...' may be fine if you're in a company that has only 5
employees, but if you work for a larger comanpy(like) mine, it is
impossible to arrange a special connection, because if every one of
the 40000+ engineers whine to the sysadmins that they need a specific
port connection, the whole request system collapses and the network
becomes impossible to administer.

When the network is that large, you have no choice but to take a seige
mentaility where it is easier to throttle all outside traffic through
a few machines and slam the doors on almost all the ports and enforce
proxies for everything else.  That's nearly the only way that you can have
a warm-n-fuzzy feeling about the security of your network.

So don't berate sysadmins because in the very long run, they may
even have your best interests at heart.

-- 
Peter Barada                                   Peter.Barada@motorola.com
Wizard                                         781-852-2768 (direct)
WaveMark Solutions(wholly owned by Motorola)   781-270-0193 (fax)

------
Want more information?  See the CrossGCC FAQ, http://www.objsw.com/CrossGCC/
Want to unsubscribe? Send a note to crossgcc-unsubscribe@sourceware.cygnus.com


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]