RE: [fw-wiz] ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules
From: Paul D. Robertson (paul_at_compuwar.net)
Date: 09/02/04
- Previous message: Kevin Sheldrake: "Re: [fw-wiz] Linux Firewall Distributions"
- In reply to: Jonathan Rickman: "RE: [fw-wiz] ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules"
- Next in thread: Jonathan Rickman: "RE: [fw-wiz] ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules"
- Reply: Jonathan Rickman: "RE: [fw-wiz] ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules"
- Reply: Mason Schmitt: "Re: [fw-wiz] ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules"
To: Jonathan Rickman <jonathan@xcorps.net>
Date: Thu, 2 Sep 2004 11:36:20 -0400 (EDT)
On Thu, 2 Sep 2004, Jonathan Rickman wrote:
> By far, the best compromise is to filter at the customer end point. At least
Some filtering there is "best," but endpoint compromise and out of zone
control don't make it always the "best" place...
> one fairly large ISP now ships a broadband gateway with the firewall
Who? Which gateway? Configured with what policy?
> preconfigured. The customer is free to alter the filters if so inclined, but
> we all know that the default configuration will remain in place 99.9% of the
> time. There is a risk of tech support calls with this just like any other
> setup. However, this policy seems to me to be the most equitable across the
That pretty much rocks.
> board. The trick is getting the proper ruleset in place. For instance, the
> aforementioned ISP did not enable outbound TCP 1494, which caused a problem
> for telecommuters using Citrix without going through CSG. With the proper
> research, this would have been avoidable. They also failed to put a workable
> management system in place to remedy this problem. Both mistakes you should
> take note of.
Heck, I'm floored that someone's doing egress filtering by default! I
would like to know who; their praises should be sung from the highest
peaks!
Paul
-----------------------------------------------------------------------------
Paul D. Robertson
paul@compuwar.net
probertson@trusecure.com
Director of Risk Assessment, TruSecure Corporation
"My statements in this message are personal opinions which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards