[Asrg] Re: Asrg Digest, DNSBL BCP v.2.0
2007-03-02 21:57:50
At 6:01 PM -0600 3/2/07, <gep2(_at_)terabites(_dot_)com> wrote:
> Not being able to issue credits, deliver invoices, and send price
> updates (and in the oil and gas business, prices change daily) is a
> monumental burden on a company which is guilty of nothing more than
> being a victim, just like so many other companies and individuals
> have been (and, doubtless, will continue to be).

Being one of many careless clueless instruments of botnet spammers
does not make them not partly guilty.
If you connect a machine to the net, you are morally responsible for
what that machine does on the net. That applies to dumb individual
users and dumb oil companies alike. IP addresses that are used for
bad behavior will properly be treated as bad actors by others. This
is a broader issue than email, it's just that email abuse and
response to it is the most visible manifestation. Mismanaged PC's are
doing a lot more than spam and the only general approach

> Worse, from an Internet strategic standpoint, the dangers of this
> kind of blunt-instrument blocking of E-mails for AN ENTIRE COMPANY
> just because ANY ONE computer within their network is infected (and
> it could even be an infected notebook computer carried in from home
> and connecting to the office wireless LAN)

So why did they configure their network with a common NAT point for
corporate mail and for badly managed PC's and let those PC's talk
SMTP to anywhere external through it? This is not a new risk. Worms
have existed for almost 2 decades. Segregation of corporate servers
from personal desktops has been a common best practice for at least
15 years. This company lacked the application of fundamental security
principles in their network design.

> will force more companies to insist on MORE DANGEROUS separate,
> routable IP addresses for each machine in their company....

No force at all. There are other options, such as doing separation
internally and not allowing mismanaged PC's uncontrolled access to
the outside world through company facilities.
The whole story portrays a fundamental business flaw. If email and
other Internet services are business-critical, it is irresponsible to
the business for management to not have technical competence on hand
to deal with problems, particularly in the area of security.
--
Bill Cole
bill(_at_)scconsult(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
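
An added example, not part of the original message: a sketch of the separation the reply argues for, where only designated mail relays may open SMTP connections to external hosts, applied to constructed flow records to show which desktops would have been stopped at the border. The address ranges, the relay address and the log format are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Assumed addressing plan, constructed for this example (not from the message).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
MAIL_RELAYS = {ipaddress.ip_address("10.0.1.25")}  # only hosts allowed to send SMTP out
SMTP_PORT = 25

# Constructed flow records as a border device might log them: "src dst dst_port".
SAMPLE_FLOWS = """\
10.0.1.25 192.0.2.10 25
10.0.20.14 198.51.100.7 443
10.0.20.77 203.0.113.5 25
10.0.20.77 203.0.113.9 25
10.0.20.14 10.0.1.25 25
10.0.30.8 198.51.100.99 25
truncated record
"""

def egress_allowed(src, dst, port):
    """Apply the policy: SMTP to external hosts only from designated relays."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    external_smtp = (port == SMTP_PORT and src_ip in INTERNAL_NET
                     and dst_ip not in INTERNAL_NET)
    return src_ip in MAIL_RELAYS if external_smtp else True

def smtp_violators(flow_text):
    """Count, per source host, the flows the policy would have dropped."""
    hits = Counter()
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed records
        src, dst, port = fields
        try:
            if not egress_allowed(src, dst, int(port)):
                hits[src] += 1
        except ValueError:
            continue  # unparsable address or port
    return dict(hits)

if __name__ == "__main__":
    for host, count in sorted(smtp_violators(SAMPLE_FLOWS).items()):
        print(f"{host}: {count} direct SMTP connection(s) to external hosts")
```

Desktops that submit mail to the internal relay are unaffected; only direct connections to outside mail servers are counted, which is also a useful signal for finding the infected machine.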