RE: Protocol question

  • From: "Kenny Mann" <nazadus@xxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 7 Apr 2005 13:24:06 -0500

"I have a professional, ethical, moral and legal duty to conduct and use my
computer in a manner that does not comprise or expose the data of my
clients."

And what I'm getting at is we all have different perceptions of exposure.
Where do we draw the line?
Why do we draw it there? But what if...
I believe these questions have been discussed over and over (although
perhaps not here, on this list, very often).


"a different set of standards MUST prevail."
Who's standards? Could you point to an RFC that says "No game servers on a
firewall" or what not?
How I wish the computer tech industry would band together and make some kind
of guild or something, so we can all follow the same proceedures.
I believe this is where our problems are occuring.

Back in the earily days of the medical field, things considered
wrong/illegal or right/legal where different now. I believe such will be the
ways of administration of computers. Conversations like this only help us
progress and learn each other's perception. Justification of our own
percpetions (such as the email I'm replying to) are highly needed so we can
learn.

Everyone has their own circumstances (which is what makes our jobs fun... Or
bad... Whatever).

"IMHO, configuring my computer and firewall for on-line gaming breaks that
duty."
If you had people you didn't trust (gamers, visiters, whatever) you would
want to do the same.
Any company that doesn't, IMO, is beeing foolish and too trustworthy (and
will get bitten one day) -- doesn't matter if its gaming or not.
However, this all falls back to how do you measure insecurity? And what
point you are willing to put your foot down?

In any case, we've gone way beyond the original point of the email.

At the end of the day, the cow still goes moo. (it's funny... Laugh... Or
maybe it's not so funny).


Kenny 

-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, April 07, 2005 1:11 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Protocol question

http://www.ISAserver.org

Responding to multiple posts:

While it is everyone's absolute right to do what they chose with what they
purchase, part of that right is removed when you are using that purchase to
provide services for others.

If Andrew was mealy saying he wanted his ISA to both be as a firewall for
his computers and all on-line gaming that is his choice. But once his
actions can affect others, and in this case, his clients, a different set of
standards MUST prevail.

I have a professional, ethical, moral and legal duty to conduct and use my
computer in a manner that does not comprise or expose the data of my
clients.

IMHO, configuring my computer and firewall for on-line gaming breaks that
duty.

If you are curious as to the security breaches and comprises in computers
running on-line games, just visit any Internet Gaming Center/Café. Most if
not all use software on the computers that does one of 2 things: A) Able to
reapply the computer image daily or weekly. B) Software installed that
prevents changes to the files and registry on the computer but allowing
applications to think that it is being changed. (I do not remember what that
software is called, but it is designed so that a user can do what they want
to the computer, and then upon restart it is back to normal. If I remember,
it costs like $50 per computer for an annual license.) Most will not have
firewalls in place because most people do not know how to properly configure
a firewall for on-line gaming. (Needs to be in standard or pass through mode
with computers having public IPs.)

It is estimated that 75% of all computers outside of Internet Gaming centers
also have one or more of the following installed whether intentional or not:
File sharing programs, Chat programs, Trojans, Viruses, Spyware and so
forth. Think about that for a minute. That high of a percentage can not be
by choice of that computer user/owner.

Remember, the hackers and other bad guys out there also know which ports are
needed for what games. As I had read recently about on-line game
vulnerabilities, the focus on the software that runs these games is not on
security and as such vulnerabilities can and are found at a much higher rate
than the general public knows about.

So, IMO, the question of appropriateness for this list is not of content. It
is how the poster is asking the questions and for what purpose. 

John T
eServices For You



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
nazadus@xxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx




Other related posts: