RE: [fw-wiz] monitoring and controlling servers on internet segment

From: Yinal Ozkan (Yinal.Ozkan_at_Integralis.Com)
Date: 05/04/04

    To: 'Shimon Silberschlag' <shimons@bll.co.il>, firewall-wizards@honor.icsalabs.com
    Date: Tue, 4 May 2004 09:19:11 -0400
    
    

    Hi Shimon,
    That is why you have DMZs. Yes it is not a good idea to not to open inbound
    traffic. Actually it is not good to open any traffic from outside. On the
    other hand, an intermediary server on the untrusted network is as vulnerable
    as other hosts.

    A better approach is to locate the intermediary server on a different DMZ
    protected by the firewall. This setup will protect the intermediary from any
    exploit that does not use the monitoring traffic (e.g. Sasser). And also, if
    this host is ever compromised (which is possible) after internet hosts, your
    trusted network will be behind the firewall.

    cheers,
    - yinal

    Yinal OZKAN

    INTEGRALIS
    http://www.integralis.com
    1-877-557-1475

    -----Original Message-----
    From: Shimon Silberschlag [mailto:shimons@bll.co.il]
    Sent: Tuesday, May 04, 2004 5:53 AM
    To: firewall-wizards@honor.icsalabs.com
    Subject: [fw-wiz] monitoring and controlling servers on internet segment

    Let's say that a client has various servers on an internet segment, which is
    separated from the internal network with a firewall.
    The client wants to have an agent reporting various events back to the
    management center, which is on the internal net. The protocol in use uses
    fixed ports, and is encrypted with mutual authentication between machines.
    The client does not want to open up all servers to the internal net, so he
    puts an intermediary server on the internet segment, which gets the reports
    from all internet servers, and pushes them to the management center on the
    inside. There is no option to poll the intermediary.
    The only other option is to install a separate management center for the
    internet segment, with the associated costs in purchase and maintenance.

    Would using such a setup (the intermediary one) constitute good, bad or best
    practice?

    Shimon Silberschlag

    +972-3-9351572
    +972-51-207130

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
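
An added illustration, not part of either message in this thread: a small default-deny firewall model that compares the two relay placements discussed above (relay on the internet segment versus relay on its own DMZ). The zone names, host names, port 5555 and the list of other relay services are constructed assumptions; the thread says only that the protocol uses fixed ports.

```python
from typing import NamedTuple

# Constructed values: the thread says only that the protocol uses fixed ports.
AGENT_PORT = 5555                # placeholder for the agents' fixed port
OTHER_PORTS = [22, 445, 3389]    # other services on the relay; 445 is what Sasser hit

class Rule(NamedTuple):
    src: tuple   # (zone, host); host "*" matches any host in the zone
    dst: tuple
    port: int

def permits(rules, src, dst, port):
    """True if the flow reaches dst. Hosts in one zone share a segment, so the
    firewall never sees their traffic; between zones it is default-deny."""
    if src[0] == dst[0]:
        return True
    def match(pat, end):
        return pat[0] == end[0] and pat[1] in ("*", end[1])
    return any(match(r.src, src) and match(r.dst, dst) and r.port == port
               for r in rules)

MGMT = ("internal", "mgmt")
WEB1 = ("internet_seg", "web1")          # a compromised internet-facing server

# Placement from the question: relay sits on the internet segment itself.
RELAY_A = ("internet_seg", "relay")
RULES_A = [Rule(RELAY_A, MGMT, AGENT_PORT)]

# Placement from the reply: relay on its own DMZ behind the firewall.
RELAY_B = ("mon_dmz", "relay")
RULES_B = [Rule(("internet_seg", "*"), RELAY_B, AGENT_PORT),
           Rule(RELAY_B, MGMT, AGENT_PORT)]

def relay_exposure(rules, relay, attacker=WEB1):
    """Relay ports a compromised internet-segment server can reach."""
    return sorted(p for p in [AGENT_PORT] + OTHER_PORTS
                  if permits(rules, attacker, relay, p))

def internal_exposure(rules, src):
    """Internal (host, port) pairs that src can reach through the firewall."""
    hosts = [("internal", h) for h in ("mgmt", "fileserver")]
    return [(h[1], p) for h in hosts for p in [AGENT_PORT] + OTHER_PORTS
            if permits(rules, src, h, p)]

if __name__ == "__main__":
    print("relay ports exposed, same segment:", relay_exposure(RULES_A, RELAY_A))
    print("relay ports exposed, own DMZ:     ", relay_exposure(RULES_B, RELAY_B))
    print("internal reach of a compromised relay:", internal_exposure(RULES_B, RELAY_B))
```

In both placements a compromised relay can reach only the management center on the agent port; the difference is that the separate DMZ leaves nothing but the agent port on the relay reachable from the internet segment.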
