[SGVLUG] Preventing certain Machines from Internet

Emerson, Tom (*IC) Tom.Emerson at wbconsultant.com
Mon Nov 5 18:06:47 PST 2007


> -----Original Message----- Of John E. Kreznar
> 
> Contrary to Emerson's assertion in a later posting, some 
> sites DO want to deliberately block all Internet access from 
> interior machines

Yes, I'll agree that some places DO want that, but I would assert that
if that were the case, why have a DSL line in the first place?  (i.e.,
"blocking all access" to the internet has to be an all-or-nothing sort
of game, ESPECIALLY in a "small shop" -- politics and bickering can
flare up in an instant...)

>  -- I do that all the time so that I'm free 
> to "romp" on interior machines without fear that errant 
> software will tattle to the Internet.

Hmmm, yes, that was another thought -- some software, especially in a
"business context", will have legitimate and not-so-legitimate reasons
to "phone home".  In particular, "checking for updates" (and yes, it's a
stretch for the KEYBOARD DRIVER to need to perform this sort of "check")
as well as "checking for licenses"  (grumble if you want, but some
COMPANIES will enter into these sorts of arrangements /willingly/...)

But, as you said, "errant" software -- if you know in advance AND (can)
agree with the reason that a program will "phone home", then it isn't
necesarilly "errant", now is it?  In that case, it is trivial to open up
a hole in the firewall JUST for that purpose [and, of course, monitor
what does get sent or received]  If a program should NOT be "tattling",
then of course you would want to block access.



More information about the SGVLUG mailing list