RE: [fw-wiz] monitoring and controlling servers on internet segment
Richard.Bertolett_at_ci.austin.tx.us
Date: 05/04/04
- Previous message: Yinal Ozkan: "RE: [fw-wiz] monitoring and controlling servers on internet segment"
- Maybe in reply to: Yinal Ozkan: "RE: [fw-wiz] monitoring and controlling servers on internet segment"
- Next in thread: Patrick Giagnocavo +1.717.201.3366: "Re: [fw-wiz] monitoring and controlling servers on internet segment"
- Reply: Patrick Giagnocavo +1.717.201.3366: "Re: [fw-wiz] monitoring and controlling servers on internet segment"
To: shimons@bll.co.il
Date: Tue, 4 May 2004 08:34:34 -0500
Shimon,
If your firewall will support another NIC, then I would say that the below
case is a prime candidate for a DMZ setup. You could then put the
'Intermediary server' there, and use it to update the intranet. Further to
that, you could also consider moving other servers there as well, for
instance the web server (if there is one.) You then use a simple forward
caching server out on the internet. The goal here is to provide as small an
attack profile as possible to the internet.
Regards,
Rick Bertolett
Austin Water Utility
512-972-0225
-----Original Message-----
From: Shimon Silberschlag [mailto:shimons@bll.co.il]
Sent: Tuesday, May 04, 2004 4:53 AM
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] monitoring and controlling servers on internet segment
Let's say that a client has various servers on an internet segment, which is
separated from the internal network with a firewall.
The client wants to have an agent reporting various events back to the
management center, which is on the internal net. The protocol in use uses
fixed ports, and is encrypted with mutual authentication between machines.
The client does not want to open up all servers to the internal net, so he
puts an intermediary server on the internet segment, which gets the reports
from all internet servers, and pushes them to the management center on the
inside. There is no option to poll the intermediary.
The only other option is to install a separate management center for the
internet segment, with the associated costs in purchase and maintenance.
Would using such a setup (the intermediary one) constitute good, bad or best
practice?
Shimon Silberschlag
+972-3-9351572
+972-51-207130
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
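The layout discussed in this thread can be written down as a default-deny forwarding policy and checked. The following is an added example, not part of the original messages: it compares the setup the client wants to avoid (every internet-segment server talking to the management center) with the intermediary-in-DMZ setup. All addresses, the port number and the names are constructed placeholders; reply traffic is assumed to be handled by a stateful firewall.

```python
# Added example: models NEW connections only; a stateful firewall is assumed
# to pass reply packets. Every address and the port below are constructed.
from ipaddress import ip_address, ip_network

AGENT_PORT = 5555                        # assumed fixed port of the agent protocol
INET_SEG = ip_network("192.0.2.0/24")    # servers on the internet segment
RELAY = ip_network("198.51.100.10/32")   # intermediary server, placed in the DMZ
MGMT = ip_network("10.0.0.5/32")         # management center on the internal net
INTERNAL = ip_network("10.0.0.0/8")      # whole internal network

# Each rule: (source net, destination net, destination port). Default is deny.
DIRECT_RULES = [                         # what the client does not want
    (INET_SEG, MGMT, AGENT_PORT),        # every server opens into the inside
]
RELAY_RULES = [                          # the intermediary setup
    (INET_SEG, RELAY, AGENT_PORT),       # agents report to the intermediary
    (RELAY, MGMT, AGENT_PORT),           # intermediary pushes to the inside
]

def allowed(rules, src, dst, port):
    """True if a new connection src -> dst:port matches an allow rule."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in sn and d in dn and port == p for sn, dn, p in rules)

def audit(rules):
    """Flag rules that reach the internal net other than relay -> mgmt."""
    findings = []
    for sn, dn, p in rules:
        is_push = (sn, dn, p) == (RELAY, MGMT, AGENT_PORT)
        if dn.overlaps(INTERNAL) and not is_push:
            findings.append(f"{sn} -> {dn}:{p} opens internal net")
    return findings

if __name__ == "__main__":
    for name, rules in (("direct", DIRECT_RULES), ("relay", RELAY_RULES)):
        print(name, audit(rules) or "only the relay reaches the inside")
```

With the relay rules, the firewall has exactly one source address allowed to open connections into the internal network, and nothing on the inside initiates connections outward to the intermediary, matching the push-only constraint in the question.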