[c-nsp] BGP support on the new ASA5585-X
Dobbins, Roland
rdobbins at arbor.net
Sat Oct 30 06:23:24 EDT 2010
On Oct 30, 2010, at 4:17 PM, Dean Smith wrote:
> I know other protocols are going out...I'd like my firewall to stop it.
You're expecting way too much from the network, IMHO.
It sounds as if you're running some kind of endpoint network. If that's the case, beef up your AUP, control your user endpoint hosts configs, and force them through a SOCKS proxy, if you're really so concerned about what they're running/doing.
OTOH, maybe they're just trying to be productive, and are being forced to expend time and energy figuring out how to evade nonsensical 'infosec' policies instead of on doing their jobs.
;>
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Sell your computer and buy a guitar.
More information about the cisco-nsp
mailing list