This is the mail archive of the crossgcc@sources.redhat.com mailing list for the crossgcc project.
See the CrossGCC FAQ for lots more information.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
>>Unfortunately I can not access the CVS repository (work won't open up any >>ports on the firewall). > > You could always take a baseball bat to your sysadmin. That is taking >security to a pointless level that merely impedes the users' work flow, >impairs the functionality of the network, and doesn't provide any extra >security unless your sysadmin believes his network to be infested with >backdoor trojans that might try to phone home on the port used by the CVS >protocol, in which case he should be busy disinfecting the workstations >rather than trying to stop them opening outgoing connections. Refusing to >allow an outgoing connection from one well defined machine (yours) to one >well defined remote server (gcc.gnu.org) on one specific port suggests that >your sysadmin doesn't know what he's doing and isn't competent to evaulate >the level of security risk posed by different network activities, or perhaps >merely that he hasn't read the firewall manual and can't be bothered to. Wow, sounds like someone didn't get their frosted flakes and caffeine this morning :-) 'Refusing to allow an outgoing connection from one well defined machine to one well defined remote server on one specific port suggests ...' may be fine if you're in a company that has only 5 employees, but if you work for a larger comanpy(like) mine, it is impossible to arrange a special connection, because if every one of the 40000+ engineers whine to the sysadmins that they need a specific port connection, the whole request system collapses and the network becomes impossible to administer. When the network is that large, you have no choice but to take a seige mentaility where it is easier to throttle all outside traffic through a few machines and slam the doors on almost all the ports and enforce proxies for everything else. That's nearly the only way that you can have a warm-n-fuzzy feeling about the security of your network. So don't berate sysadmins because in the very long run, they may even have your best interests at heart. -- Peter Barada Peter.Barada@motorola.com Wizard 781-852-2768 (direct) WaveMark Solutions(wholly owned by Motorola) 781-270-0193 (fax) ------ Want more information? See the CrossGCC FAQ, http://www.objsw.com/CrossGCC/ Want to unsubscribe? Send a note to crossgcc-unsubscribe@sourceware.cygnus.com
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |