RE: [fw-wiz] Sources for Extranet Designs?

From: Wes Noonan (mailinglists_at_wjnconsulting.com)
Date: 02/23/04

    To: "'R. DuFresne'" <dufresne@sysinfo.com>, "'Baumann, Sean C.'" <Sean.Baumann@celera.com>
    Date: Mon, 23 Feb 2004 10:50:58 -0600
    
    

    Just to add some fuel to the fire, I agree with Ron. Security seems almost
    secondary to many B2B implementations. Almost an "if we trust them to
    partner, why worry" kind of attitude.

    If you want to look at things that you can do though, there is a relatively
    short bullet list[1]:

    - Use VPNs between sites
    - Terminate VPNs into DMZs
    - Implement firewalls at the termination point
    - Grant access only to those resources in the DMZ that each company needs
      access to
    - Never grant access to your production network or resources

    [1] This is by no means an exhaustive list, but it at least gives a starting
    point. The devil of course is in the details.

    Wes Noonan
    mailinglists@wjnconsulting.com
    http://www.wjnconsulting.com
    Hardening Network Infrastructure - A concise how to guide
    Available Spring 2004
    Order at http://tinyurl.com/2nof4

    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of R. DuFresne
    > Sent: Monday, February 23, 2004 09:38
    > To: Baumann, Sean C.
    > Cc: Paul Robertson; firewall-wizards@honor.icsalabs.com
    > Subject: RE: [fw-wiz] Sources for Extranet Designs?
    >
    >
    > Most that I have read on B2B architectures for extranets covered security,
    > if they covered security at all, did so in such a minimalist way as to be
    > of no real consequence. Functionality is the main concern of most of the
    > writeups I've seen, or manuals on such. Perhaps the best forums for what
    > you appear to be seeking are right here at your e-mailing fingertips just
    > awaiting clarification of the information you seek. I think that was the
    > context of Paul's reply.
    >
    > B2B/extranet/VPN solutions, all overblown and overused terms and
    > technologies that far too often really do not mitigate any of the risks
    > they are implemented for.
    >
    > Thanks,
    >
    > Ron DuFresne
    >
    > On Mon, 23 Feb 2004, Baumann, Sean C. wrote:
    >
    > > I wasn't particularly looking for a solution, or product. I was looking
    > > for a comprehensive discussion on network and security architectures for
    > > extranets (B2B), not necessarily available on the web (print is
    > > acceptable). Instead, I got a plethora of condescending email replies
    > > that gave me little or no information, which did not answer my (probably
    > > not well written) question. I'll make sure I am more specific in the
    > > future, so I don't get bombarded with "Didn't you google," or "Didn't
    > > they teach you that in _____."
    > >
    > > Regards,
    > > Sean
    > >
    > > -----Original Message-----
    > > From: Paul Robertson [mailto:proberts@patriot.net]
    > > Sent: Sunday, February 22, 2004 11:00 AM
    > > To: Baumann, Sean C.
    > > Cc: firewall-wizards@honor.icsalabs.com
    > > Subject: Re: [fw-wiz] Sources for Extranet Designs?
    > >
    > > On Fri, 20 Feb 2004, Baumann, Sean C. wrote:
    > >
    > > > Can someone direct me to some decent information on designing extranet
    > > > connections?
    > >
    > > I think it's better if we start out with you describing what you're trying
    > > to accomplish. Terms like "extranet" have been so overloaded for so long
    > > that the idea you have could be completely different than the one anyone
    > > else does.
    > >
    > > Paul
    > > -----------------------------------------------------------------------------
    > > Paul D. Robertson        "My statements in this message are personal opinions
    > > proberts@patriot.net      which may have no basis whatsoever in fact."
    > > probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    > > _______________________________________________
    > > firewall-wizards mailing list
    > > firewall-wizards@honor.icsalabs.com
    > > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    > >
    >
    > --
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    > admin & senior security consultant: sysinfo.com
    > http://sysinfo.com
    >
    > "Cutting the space budget really restores my faith in humanity. It
    > eliminates dreams, goals, and ideals and lets us get straight to the
    > business of hate, debauchery, and self-annihilation."
    > -- Johnny Hart
    >
    > testing, only testing, and damn good at it too!

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
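
An added example, not part of the original thread: a small Python audit that checks the permit rules on the firewall at the VPN termination point against the checklist in Wes Noonan's message (DMZ only, only what each partner needs, never production). The address ranges, partner names and needed services are constructed for illustration, and `Rule`, `audit` and `PARTNER_NEEDS` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values: documentation address ranges and made-up partner names.
DMZ = ipaddress.ip_network("192.0.2.0/24")         # extranet DMZ where the VPNs terminate
PRODUCTION = [ipaddress.ip_network("10.0.0.0/8")]  # production ranges partners must never reach

# What each partner actually needs in the DMZ: (host, protocol, port).
PARTNER_NEEDS = {
    "partner-a": {("192.0.2.10", "tcp", 443)},
    "partner-b": {("192.0.2.20", "tcp", 22)},
}

@dataclass(frozen=True)
class Rule:
    partner: str           # VPN tunnel the rule applies to
    dst: str               # destination host or CIDR
    proto: str
    port: int              # 0 means any port
    action: str = "permit"

def audit(rules):
    """Return (rule, reason) for every permit rule that breaks the checklist."""
    findings = []
    for r in rules:
        if r.action != "permit":
            continue
        dst = ipaddress.ip_network(r.dst, strict=False)
        need = (str(dst.network_address), r.proto, r.port)
        if any(dst.overlaps(p) for p in PRODUCTION):
            findings.append((r, "reaches production network"))
        elif not dst.subnet_of(DMZ):
            findings.append((r, "destination outside the extranet DMZ"))
        elif dst.num_addresses != 1 or need not in PARTNER_NEEDS.get(r.partner, set()):
            findings.append((r, "broader than this partner's stated need"))
    return findings

SAMPLE_RULES = [
    Rule("partner-a", "192.0.2.10", "tcp", 443),    # needed: passes
    Rule("partner-a", "192.0.2.20", "tcp", 22),     # another partner's resource
    Rule("partner-b", "192.0.2.0/24", "tcp", 0),    # whole DMZ, any port
    Rule("partner-b", "10.1.2.3", "tcp", 1433),     # production database
    Rule("partner-b", "0.0.0.0/0", "tcp", 443),     # any destination includes production
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.partner} -> {rule.dst} {rule.proto}/{rule.port}: {reason}")
```

The overlap test against the production ranges runs first, so an "any" destination is reported as a production exposure rather than as a merely over-broad DMZ rule.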

