Re: [fw-wiz] tunnel vs open a hole
From: Adam Shostack (adam@homeport.org)
Date: 04/06/03
- Previous message: Marcus J. Ranum: "Re: [fw-wiz] tunnel vs open a hole"
- In reply to: Anton A. Chuvakin: "[fw-wiz] tunnel vs open a hole"
- Next in thread: Mikael Olsson: "Re: [fw-wiz] tunnel vs open a hole"
From: Adam Shostack <adam@homeport.org>
To: "Anton A. Chuvakin" <anton@chuvakin.org>
Date: Sun, 6 Apr 2003 15:04:50 -0400
On Fri, Apr 04, 2003 at 03:53:36PM -0500, Anton A. Chuvakin wrote:
| All,
|
| Sorry for this somewhat generic query, but I'd really want to know the
| general consensus on the issue from the esteemed list members. I have
| seen that such debates often spark on the list, and I think a summary (which
| might arise as a result of my query) would be useful for everybody, so...
|
| ...if to run a new application you'd have to either:
|
| 1. open a new port
| 2. accept tunneling over already open port/protocol
|
| which would you choose?
|
| To clarify, imagine you have to have something that needs to talk thru a
| firewall from a less secure compartment to a more secure one. And the
| options are: open TCP port XXXXX (to the required host only, of course),
| or tunnel over currently open (or proxied) port 80?
Opening a new port allows you to compartmentalize, should you discover
that the external component has vulnerabilities.
Adam
--
"It is seldom that liberty of any kind is lost all at once." -Hume
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards