* * * * *
Again going into the breach
I may have been a bit unfair towards the network policies of the Cleveland
Clinic [1] yesterday [2] but I was surprised by their apparently draconian
network policies (does that make me an optimist because I tend to believe
corporate networks are open, or hopelessly naïve about corporate policies
towards their own employees?).
Of course Cleveland Clinic can run their network as they see fit. And I can
see why they would be hesitant to run a looser, parallel network just for
visitors. It's just that as the Network Engineer for The Company (Dan the
Network Engineer technically works for another company, one where we share
some infrastructure and he currently handles the connection to our Internet
peers, which is why I defer to him on occasion) I run an open network on the
“assume innocent until proven guilty” principle (or, blacklists) rather than
the “assumed guilty until proven innocent” principle (or, whitelists). And it
always pains me to see the latter principle in production (and yes, I
understand the mindset behind it; I just don't like it personally).
Looking back on it, I'm rather amused that I couldn't even get to the
Cleveland Clinic website from their own network (heh). And now that I know
what I'm up against (Bunny has a follow-up consultation later today and on
Friday), I can plan accordingly.
Or at least know what I can expect [1] [3].
[ 1] I've set sshd listening in on port 443 on my home box, and checked—yes,
The Monopolistic Phone Company isn't blocking inbound port 443 (yea!).
As that is the HTTPS (HyperText Transport Protocol Secure) port, it
should be forwarded, but not through the invisible proxy.
Muahahahahahaha! [Back] [4]
Update from the Cleveland Clinic
It works! Muahahahahaha! Port 443 goes straight through the firewall, and I'm
able to ssh straight into my home computer. Woot!
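
The result above implies the firewall forwards port 443 by port number alone, without checking which protocol is spoken on it. As an added example (not part of the original post; the function names and sample payloads are constructed here), this is the sort of first-bytes check a network operator could use to tell SSH from TLS on port 443:

```python
import struct

def classify_first_bytes(payload: bytes) -> str:
    """Classify the first bytes of a TCP stream as 'ssh', 'tls' or 'unknown'."""
    # RFC 4253: an SSH peer opens with an identification line "SSH-<ver>-<software>".
    # A server may send other text lines first, so check every line seen so far.
    for line in payload[:512].split(b"\n"):
        if line.startswith(b"SSH-"):
            return "ssh"
    # TLS record header: content type (1 byte), version (2 bytes), length (2 bytes).
    # A real HTTPS flow opens with a handshake record (0x16) carrying a
    # ClientHello (0x01) or ServerHello (0x02).
    if len(payload) >= 6:
        rec_type, major, minor, length = struct.unpack("!BBBH", payload[:5])
        if (rec_type == 0x16 and major == 0x03 and minor <= 0x04
                and 0 < length <= 16384 and payload[5] in (0x01, 0x02)):
            return "tls"
    return "unknown"

def flag_non_tls(flows):
    """Given (flow_id, first_payload) pairs seen on port 443, return the
    (flow_id, verdict) pairs whose opening bytes are not a TLS handshake."""
    flagged = []
    for flow_id, payload in flows:
        verdict = classify_first_bytes(payload)
        if verdict != "tls":
            flagged.append((flow_id, verdict))
    return flagged

# Constructed sample payloads (not captured traffic).
SAMPLE_FLOWS = [
    # TLS 1.0 record header + start of a ClientHello
    ("flow-1", bytes.fromhex("16030100c8010000c40303") + b"\x00" * 10),
    # sshd identification string, as a server on port 443 would send it
    ("flow-2", b"SSH-2.0-OpenSSH_5.1\r\n"),
    # plain HTTP sent to the HTTPS port
    ("flow-3", b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
]

if __name__ == "__main__":
    for flow_id, verdict in flag_non_tls(SAMPLE_FLOWS):
        print(f"{flow_id}: port 443 traffic is not TLS ({verdict})")
```

This only identifies SSH spoken directly on the port; SSH carried inside a genuine TLS session looks like TLS to this check.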
[1]
http://my.clevelandclinic.org/
[2]
gopher://gopher.conman.org/1Phlog:2009/11/17
[3]
gopher://gopher.conman.org/0Phlog:2009/11/18.1
[4]
gopher://gopher.conman.org/0Phlog:2008/11/18.1