I may have been a bit unfair towards the network policies of the Cleveland Clinicyesterday but I was surprised by their apparent draconian network policies (does that make me an optimist because I tend to believe corporate networks are open, or hopelessly naïve about corporate policies towards their own employees?).
Of course Cleveland Clinic can run their network as they see fit. And I can see why they would be hesitant to run a looser, parallel network just for visitors. It's just that as the Network Engineer for The Company (Dan the Network Engineer technically works for another company, one where we share some infrastructure and he currently handles the connection to our Internet peers, which is why I defer to him on occasion) I run an open network on the “assume innocent until proven guilty” principle (or, blacklists) rather than the “assumed guilty until proven innocent” principle (or, whitelists). And it always pains me to see the latter principle in production (and yes, I understand the mindset behind it; I just don't like it personally).
Looking back on it, I'm rather amused that I couldn't even get to the Cleveland Clinic website from their own network (heh). And now that I know what I'm up against (Bunny has a follow-up consultation later today and on Friday), I can plan accordingly.
Or at least know what I can expect .
- I've set
sshdlistening in on port 443 on my home box, and checked—yes, The Monopolistic Phone Company isn't blocking inbound port 443 (yea!). As that is the HTTPS port, it should be forwarded, but not through the invisible proxy. Muahahahahahaha! [Back]
Update from the Cleveland Clinic
It works! Muahahahahaha! Port 443 goes straight through the firewall, and I'm able to
ssh straight into my home computer. Woot!