1 minute read

Network Security -or- “Don’t ask. You can always apologize later.”.

Huh? I guess I misunderstood some fundamentals of security, firewalls and trustworthy computing. Let me rephrase this requirement: _"If you want your server application to receive the 'Designed for Windows XP' logo, it should detect firewalls and re-configure them automatically to allow inbound traffic. Do this without any intervention by the user. Don't care about network security - your application won't have any unsafe buffers, right?. You really shouldn't care about the user who maybe wouldn't want internet connectivity to your application because he doesn't trust your skills."_ > > Or as some kids would put it _"Don't ask. You can always apologize later."_ > > I guess this requirement should be dropped immediately. Let's just assume we've never ever seen it, ok? [[Ingo Rammer's Weblog](http://www.ingorammer.com/)] > >

To be fair, it doesn’t actually say what Ingo suggests it does. My reading is that it says that manual configuration of NAT port mappings are unwelcome by customers, and so they are. It doesn’t say anywhere that you must go around opening up ports without confirming that this is okay with the user. My mother doesn’t know or care about TCP port mappings and she certainly won’t be hand editing them. On the other hand, if she chooses to run a piece of software that carries out some sort of network connectivity, it’s probably fair to say she can choose to run it or not.