Discussion:
Why use the firewall?
hymie!
2019-10-21 16:15:26 UTC
I work for a Large Government Agency.

My machines are on an internal network. Even though I have valid IPv4
addresses, my network is behind numerous firewalls that control all incoming,
outgoing, and even internal access.

...except the Web.

If I want to connect to a site over port 80 or 443, the network team
will not approve any firewall requests. I must use the designated "web
proxy", which provides my machine access to a list [1] of over 450 web
sites, including numerous that end with amazonaws.com .

I can't have access to just the one web site I want. I can access all
of them, or I can access none of them.

Somehow, that qualifies as "network security".

--hymie! http://lactose.homelinux.net/~hymie ***@lactose.homelinux.net

[1] I went to download the list so that I could count its length. The
$LGA web site hosting the list has an SSL certificate that expired
this past Thursday.
The Horny Goat
2019-10-21 16:38:19 UTC
Post by hymie!
I work for a Large Government Agency.
My machines are on an internal network. Even though I have valid IPv4
addresses, my network is behind numerous firewalls that control all incoming,
outgoing, and even internal access.
...except the Web.
If I want to connect to a site over port 80 or 443, the network team
will not approve any firewall requests. I must use the designated "web
proxy", which provides my machine access to a list [1] of over 450 web
sites, including numerous that end with amazonaws.com .
I can't have access to just the one web site I want. I can access all
of them, or I can access none of them.
Somehow, that qualifies as "network security".
[1] I went to download the list so that I could count its length. The
$LGA web site hosting the list has an SSL certificate that expired
this past Thursday.
Do I correctly understand you're saying you have to have 450 web tabs
open AT ONCE? Or none?

That would definitely provide security by bringing your system to its
knees and prevent you getting any work done at all.....
hymie!
2019-10-21 18:05:56 UTC
In our last episode, the evil Dr. Lacto had captured our hero,
Post by The Horny Goat
Post by hymie!
If I want to connect to a site over port 80 or 443, the network team
will not approve any firewall requests. I must use the designated "web
proxy", which provides my machine access to a list [1] of over 450 web
sites, including numerous that end with amazonaws.com .
I can't have access to just the one web site I want. I can access all
of them, or I can access none of them.
Do I correctly understand you're saying you have to have 450 web tabs
open AT ONCE? Or none?
No. If I want permission to access a particular web site, it comes
with permission to access 450 other web sites. I can't restrict
my machine to access only the web sites I want to allow it to access.
I have no choice but to give my machines access to a wide range of
web sites that I would rather not have access to.

--hymie!
The Horny Goat
2019-10-22 03:46:52 UTC
Post by hymie!
Post by The Horny Goat
Do I correctly understand you're saying you have to have 450 web tabs
open AT ONCE? Or none?
No. If I want permission to access a particular web site, it comes
with permission to access 450 other web sites. I can't restrict
my machine to access only the web sites I want to allow it to access.
I have no choice but to give my machines access to a wide range of
web sites that I would rather not have access to.
Glad you clarified - I figured that COULDN'T be true. I remember about
15 years ago when my mother asked me to figure out why her machine (a
900 MHz Celeron which for 2003 wasn't so slow) had >28< MS Word
windows open. Apparently Mom knew how to ctrl-N but not how to close
the documents. Needless to say that was a very quick fix!
Juancho
2019-10-25 22:14:14 UTC
Post by hymie!
If I want to connect to a site over port 80 or 443, the network team
will not approve any firewall requests. I must use the designated "web
proxy", which provides my machine access to a list [1] of over 450 web
sites, including numerous that end with amazonaws.com .
So what happens if the web site you want to reach is not among those 450
web sites?
--
EOT.
hymie!
2019-10-26 01:03:28 UTC
In our last episode, the evil Dr. Lacto had captured our hero,
Post by Juancho
Post by hymie!
If I want to connect to a site over port 80 or 443, the network team
will not approve any firewall requests. I must use the designated "web
proxy", which provides my machine access to a list [1] of over 450 web
sites, including numerous that end with amazonaws.com .
So what happens if the web site you want to reach is not among those 450
web sites?
They will happily add my site to the list [2], and then my machine --
and every other machine using the web proxy -- can access the site I
requested.

[2] Presumably they check it first

--hymie!
