Re: [fw-wiz] Too Paranoid?
From: Paul D. Robertson (proberts@patriot.net)
Date: 09/29/02
- Next message: James Triplett: "Re: [fw-wiz] Too Paranoid?"
- Previous message: Jim Seymour: "[fw-wiz] Too Paranoid?"
- In reply to: Jim Seymour: "[fw-wiz] Too Paranoid?"
- Next in thread: Kevin Steves: "Re: [fw-wiz] Too Paranoid?"
- Reply: Kevin Steves: "Re: [fw-wiz] Too Paranoid?"
- Reply: Mark Tinberg: "Re: [fw-wiz] Too Paranoid?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Paul D. Robertson" <proberts@patriot.net> To: Jim Seymour <jseymour@LinxNet.com> Date: Sun Sep 29 12:12:02 2002
On Sun, 29 Sep 2002, Jim Seymour wrote:
> Hi,
Hi Jim,
> it. Proprietary server software runs on this server and proprietary
> software to talk to the server runs on one-or-more MS-Win desktops.
> They use ActiveX controls. The server, in turn, must communicate
What protocols does the desktop<-> server stuff need? It seems to me that
the best bet would be to put the 2k server outside the firewall on a
service network and allow the clients to go out and access it, but this
assumes some level of control over the client<->server protocol (if it's
just TCP-based one-off stuff, I think you're still better off, if it needs
NetBIOS or RPC, then it's probably just going to suck no matter what.)
> Here's the problem. Certain third-party modules the server software
> uses to communicate to other servers on the 'net don't seem to be
> able to deal with the proxy server on the firewall. They're given
> the IP address and port number, but they won't work that way. The
> vendor of this lash-up wanted me to punch a hole through the
> firewall for port 443.
Even if they tunneled well, I'd still want the thing cordoned off from my
internal network and forced to talk nicely with the specific desktop
clients.
I've had this fight with personnel/benifits systems before, and once we
got to the "it needs these two TCP ports" place, isolating it wasn't all
that difficult.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
- Next message: James Triplett: "Re: [fw-wiz] Too Paranoid?"
- Previous message: Jim Seymour: "[fw-wiz] Too Paranoid?"
- In reply to: Jim Seymour: "[fw-wiz] Too Paranoid?"
- Next in thread: Kevin Steves: "Re: [fw-wiz] Too Paranoid?"
- Reply: Kevin Steves: "Re: [fw-wiz] Too Paranoid?"
- Reply: Mark Tinberg: "Re: [fw-wiz] Too Paranoid?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
