|
|
|
|
|
|
by siebenmann
1840 days ago
|
|
|
I'm in an academic department and we've historically blocked outgoing traffic for two separate reasons. First, we consider some protocols actively unsafe to use because they transmit credentials in the clear, and we didn't want our users to accidentally do that. Telnet? Rlogin? Sorry, no. Second, we're in an academic environment where the attacker may be inside our network and poking at someone else's, so we want to shield outside parties from bad traffic we may be generating. In both cases, we're responsive to our users; if someone says 'I need this port', we'll allow the traffic (although we try to be selective about the destination). (The third answer is that when we set up firewalls in the beginning, we consciously decided to start with a 'default block' policy.) (I'm the author of the linked-to entry.) |
|
|