[
Lists Home |
Date Index |
Thread Index
]
On Wed, Feb 20, 2002 at 09:11:13PM -0600, Zach Kenyon wrote:
>On 20 Feb 2002, at 21:58, Amy Lewis wrote:
>> On your *desktop*? Does your network admin let you run web services
>> exposed to the internet? Shouldn't he be looking into "would you like
>> fries with that" training, if so?
>
>Umm. If you run Windows, you by definition run DCOM. Is your desktop not
>connected to the internet? Did you not send this email via SMTP?
I sure did. The SMTP daemon doesn't accept incoming connections; the
MUA is mutt, running on Debian Linux (testing). I do have Windows
boxen on the network. The firewall suppresses any attempt to contact
them, and they aren't allowed to start any conversations unless I
approve of the protocol.
Exposing any consumer-class OS to the internet without taking serious
steps to secure it is asking for trouble, with a near guarantee of
getting it.
The windows box I use at work is highly insecure. But it isn't
connected to the internet, except through the firewall. My admin
certainly isn't planning on allowing me to run IIS (or apache, for that
matter) for public consumption.
>> Refuse access, of course. Just as HTTP doesn't go through to your
>> probably-insecure desktop web server. Duh.
>
>How, then, does one connect to one's probably insecure desktop web
>server? String and tin cans?
Don't.
There's a reason that recent corporate practice places all machines
offering public services (including HTTP and SMTP) in the DMZ. Those
machines are under threat, and may not be securable. I've never worked
for a corp that allowed internal desktop machines to offer public
services. I don't see that having SOAP on the desktop has any chance
of changing that.
Amy!
--
Amelia A. Lewis amyzing@talsever.com alicorn@mindspring.com
Igne natura renovatur integra.
|