Re: Basic Network Configuration

From: DRAx (dra.x_at_ifrance.com)
Date: 10/16/03

    Date: Thu, 16 Oct 2003 08:47:23 +0000
    To: gillettdavid@fhda.edu
    
    

    David Gillett wrote:

    > One implements a DMZ in order to impose three sets of
    > firewall rules:
    > - between the internet and the DMZ subnet
    > - between the internet and the trusted subnet
    > - between the DMZ subnet and the trusted subnet
    >
    > Ignoring, for the moment, vulnerabilities in the firewall
    > itself (more on that later), a single box with three
    > interfaces is quite adequate to deliver this functionality
    > at a quite reasonable cost.

    Sounds like a DUMB thing to do...
    How can you IGNORE (even for a moment) the vulnerabilities in the
    firewall? The 3 NIC Firewall is going to be the box standing between
    you and the hostile world! This is the box that HAS TO BE THE MOST
    SECURE. Up-to-date on patches, NO services running, just some
    iptables/ipchains/netfilter for instance and as UN-EXPLOITABLE as you
    can.

    If the firewall is compromised then so is your LAN.

    How can you ignore the vulnerabilities in the box taking care of your
    network's security?
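
An added example, not code from either poster: a default-deny `iptables-restore` ruleset for a single three-interface firewall, covering the three rule sets listed in the quoted message and a firewall host that offers no services of its own. The interface names, the DMZ server address 192.0.2.10 and the permitted ports (80, 22) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for a three-interface
# firewall. Interface names and the DMZ host address are assumptions.

# gen_ruleset WAN_IF DMZ_IF LAN_IF DMZ_WEB_IP
gen_ruleset() {
    wan=$1; dmz=$2; lan=$3; web=$4
    cat <<EOF
*filter
# The firewall itself offers no services: default-drop INPUT.
:INPUT DROP [0:0]
# Anything not explicitly allowed between zones is dropped.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Rule set 1: internet <-> DMZ (only the published web server)
-A FORWARD -i $wan -o $dmz -d $web -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# Rule set 2: internet <-> trusted (outbound only; nothing new inbound)
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
# Rule set 3: DMZ <-> trusted (admin SSH into the DMZ; nothing new back)
-A FORWARD -i $lan -o $dmz -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $dmz -o $lan -j LOG --log-prefix "DMZ->LAN drop: "
COMMIT
EOF
}

# new_flow_pairs: list "in>out" for every FORWARD rule that accepts NEW
# connections, so the zone-to-zone policy can be reviewed at a glance.
new_flow_pairs() {
    awk '$1=="-A" && $2=="FORWARD" && /--ctstate NEW/ && /-j ACCEPT/ {
        for (i = 1; i <= NF; i++) { if ($i=="-i") a=$(i+1); if ($i=="-o") b=$(i+1) }
        print a ">" b }'
}

# Constructed sample: eth0 = internet, eth1 = DMZ, eth2 = trusted LAN.
# Review only; to syntax-check: gen_ruleset ... | iptables-restore --test
gen_ruleset eth0 eth1 eth2 192.0.2.10 | new_flow_pairs
```

The review helper shows that no rule lets the internet or the DMZ open a new connection into the trusted subnet; those flows fall through to the `FORWARD` default of `DROP`.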
