Re: Proxy server hit... Any ideas?

From: Valdis.Kletnieks@vt.edu
Date: 11/22/02

Next message: Russell Fulton: "Re: New scanner?"

Previous message: Emeric Miszti: "Re: Proxy server hit... Any ideas?"
In reply to: Emeric Miszti: "Re: Proxy server hit... Any ideas?"
Next in thread: Åke Nordin: "RE: Proxy server hit... Any ideas?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Emeric Miszti <emeric@uksecurityonline.com>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 21 Nov 2002 23:12:13 -0500

On Fri, 22 Nov 2002 00:52:42 GMT, Emeric Miszti said:

> 1) Ensure that you have an effective perimeter firewall that blocks all
> incoming traffic to the new box

Excuse me while I fall over laughing. I have some 30K hosts on my network,
and there's no really scalable way to say "OK, this box is about to be
upgraded, disable its HTTP access to anything other than windowsupdate"
and then 3 hours later "OK, let it talk to the rest of the web again".

The rest of Emeric's points are quite good - but sometimes it's not as
easy as it looks... ;)

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

application/pgp-signature attachment: stored

Next message: Russell Fulton: "Re: New scanner?"
Previous message: Emeric Miszti: "Re: Proxy server hit... Any ideas?"
In reply to: Emeric Miszti: "Re: Proxy server hit... Any ideas?"
Next in thread: Åke Nordin: "RE: Proxy server hit... Any ideas?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]