RE: [fw-wiz] Authenticated VS Anonymous in a secure Zone
From: Roger Barbeau (r_barbeau_at_videotron.ca)
Date: 05/17/04
To: firewall-wizards@honor.icsalabs.com
Date: Mon, 17 May 2004 11:47:06 -0400
Thanks Paul and Brandon, your answers are along the same lines as I figure the
solution should be: two levels of security, anonymous and authenticated,
should require two separate zones (DMZ).
But my problem is that I don't have any "Industry Best Practices" to enforce
the orientation that we want to take (Two Zone).
Does anyone know a place where I can get those kinds of "Best Practices"?
Regards,
Roger Barbeau
CCDA, CISSP, MCSE
Email: rbarbeau@lgs.com
-----Original Message-----
From: Fetch, Brandon [mailto:BFetch@texpac.com]
Sent: May 14, 2004 4:12 PM
To: 'Roger Barbeau'
Subject: RE: [fw-wiz] Authenticated VS Anonymous in a secure Zone
Roger,
I can't say explicitly there will be a security concern, but what are the
expectations of the authenticated system? If there were an expectation and
presumption of a more secure transaction with that system, I'd take all
necessary precautions to ensure this; which would mean physically or
logically separating them.
I can't say for certain if this is possible in your scenario but perhaps
providing for a two DMZ setup - one for anonymous and the other for
authenticated traffic.
One thing for a security person to keep in mind is what would a potential
hacker want to do with my systems? If I were able to compromise an
anonymous system and perhaps get nothing of interest, what would stop me
from scanning the remote system's sub-net for other ripe pickings? This
would mean your same DMZ connected and authenticated system is now directly
vulnerable to the compromised system.
Is that something that you, your company, or your client is willing to risk?
Just some things to dwell on I guess.
Hope my meanderings helped.
Regards,
Brandon
Brandon Fetch
817-871-4036
-- carpe ductum -- "Grab the tape"
-----Original Message-----
From: Roger Barbeau [mailto:r_barbeau@videotron.ca]
Sent: Friday, May 14, 2004 2:04 PM
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] Authenticated VS Anonymous in a secure Zone
Hi!
A design question for all of you.
Let's say that we have two web servers in our DMZ.
Traffic to the web server 1 is authenticated by the firewall and the
credential is relayed to the web server 1.
Traffic to the web server 2 is anonymous.
What is the security concern about having authenticated traffic and
anonymous traffic going to the same zone?
Regards,
Roger Barbeau
CCDA, CISSP, MCSE
Email: rbarbeau@lgs.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
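Added example, not part of the original thread or written by its participants: a small Python check of the point raised above, that hosts sharing one DMZ can reach each other without crossing the firewall, while hosts in separate zones see only what the rule set allows. The addresses, ports, host names and zone names are constructed, and the model assumes intra-zone traffic is never filtered.

```python
import ipaddress

def zone_of(ip, zones):
    """Return the name of the zone whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in zones.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None

def lateral_exposure(compromised, hosts, zones, rules):
    """Map each other host to the listening ports reachable from `compromised`.

    Assumption: traffic inside one zone never crosses the firewall, so every
    listening port is exposed; across zones only explicitly allowed ports are.
    """
    src_zone = zone_of(hosts[compromised]["ip"], zones)
    exposure = {}
    for name, host in hosts.items():
        if name == compromised:
            continue
        dst_zone = zone_of(host["ip"], zones)
        if dst_zone == src_zone:
            ports = set(host["listening"])
        else:
            allowed = {p for s, d, p in rules if s == src_zone and d == dst_zone}
            ports = set(host["listening"]) & allowed
        if ports:
            exposure[name] = sorted(ports)
    return exposure

# Constructed sample designs (addresses, ports and zone names are made up).
ONE_DMZ = {
    "zones": {"dmz": "10.0.1.0/24"},
    "hosts": {"web1_auth": {"ip": "10.0.1.10", "listening": [22, 443]},
              "web2_anon": {"ip": "10.0.1.20", "listening": [22, 80]}},
    "rules": [("internet", "dmz", 80), ("internet", "dmz", 443)],
}
TWO_DMZ = {
    "zones": {"dmz_auth": "10.0.1.0/24", "dmz_anon": "10.0.2.0/24"},
    "hosts": {"web1_auth": {"ip": "10.0.1.10", "listening": [22, 443]},
              "web2_anon": {"ip": "10.0.2.20", "listening": [22, 80]}},
    "rules": [("internet", "dmz_anon", 80), ("internet", "dmz_auth", 443)],
}

if __name__ == "__main__":
    for label, d in (("one DMZ", ONE_DMZ), ("two DMZs", TWO_DMZ)):
        print(label, lateral_exposure("web2_anon", d["hosts"], d["zones"], d["rules"]))
```

In the one-DMZ design the authenticated server's management port is exposed to the anonymous server even though no firewall rule permits it; in the two-DMZ design nothing is exposed unless a rule between the zones is added.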