Again going into the breech

I may have been a bit unfair towards the network policies of the Cleveland Clinic [1] yesterday [2], but I was surprised by their apparently draconian network policies (does that make me an optimist because I tend to believe corporate networks are open, or hopelessly naïve about corporate policies towards their own employees?).

Of course Cleveland Clinic can run their network as they see fit. And I can see why they would be hesitant to run a looser, parallel network just for visitors. It's just that as the Network Engineer for The Company (Dan the Network Engineer technically works for another company, one where we share some infrastructure and he currently handles the connection to our Internet peers, which is why I defer to him on occasion) I run an open network on the “assume innocent until proven guilty” principle (or, blacklists) rather than the “assumed guilty until proven innocent” principle (or, whitelists). And it always pains me to see the latter principle in production (and yes, I understand the mindset behind it; I just don't like it personally).

Looking back on it, I'm rather amused that I couldn't even get to the Cleveland Clinic website from their own network (heh). And now that I know what I'm up against (Bunny has a follow-up consultation later today and on Friday), I can plan accordingly.

Or at least know what I can expect [1] [3].

Update from the Cleveland Clinic

It works! Muahahahahaha! Port 443 goes straight through the firewall, and I'm able to ssh straight into my home computer. Woot!

[1] http://my.clevelandclinic.org/

[2] /boston/2009/11/17

[3] /boston/2009/11/18.1

[4] /boston/2008/11/18.1
