A question about default routes. 3490

This is sorta drifting into the security field, but yeah, it happens all to often unless management has seen the light and put the necessary policies in place. I'm at an R&D facility, and they put 'division' level rules in place more than twelve years ago. Corporate joined the band wagon about ten years ago. There's no privately own computers doing company work, and the comparatively few doing company work at home do so on company computers that can only be connected to the company net. No floppy, no NIC, no CD, and the case is sealed to slow down the kids. No connection to other computers in the home - and only the employee is supposed to be using it. That's why I have two computers on the desk at home. The same rules also prohibit ANY computer going in-out the facility without lottsa paperwork.

Yeah, we know about that little problem. Everything here goes through a firewall, even to corporate or other divisions. Everything else gets their computing-connection needs handled by systems in the DMZ.

Hey, at least it has a pbuttword. I've seen worse at my wife's company. We don't allow tunnels. You log in to a server outside the firewall, that allows you to connect to some internal hosts. It's a PITA, but is less risky. I don't know about the rest of the company, but we know the IP blocks of virtually all local providers, and OUTBOUND connections to those blocks are severely restricted. Inbound direct? Forget it.

Depends on how enlightened the management is, and how paranoid the staff. Connections from the outside (other than employees noted above) get to the DMZ. The hosts there can't initiate connections in to the company OR out to the world. Need to put a file out onto one of the public servers, or retrieve a file that has been uploaded from outside? Fine - initiate the connection from a few designated system inside.

Old guy