Re: Should a firewall ONLY allow access to an IP range - as well as blocking ports?

From: Barry Margolin (barry.margolin@level3.com)
Date: 02/19/03


From: Barry Margolin <barry.margolin@level3.com>
Date: Wed, 19 Feb 2003 18:42:31 GMT

In article <b30ifg$p35$1@knossos.btinternet.com>,
adeveloper <adeveloper@test.com> wrote:
>Just to provide some more details that don't seem to have been clear from
>the last post (see below):
>We do have a firewall but it is set up to let all IPs access the open
>ports - we can and know how to restrict this to only allowed IPs but the
>question is should we. The decision I am considering is should we restrict
>access on ports we use to administer the server to an IP range only?

If there's no reason why anyone should need to access these ports from
other IPs, why not?

>Some people mentioned practical considerations like accessing the server when
>travelling from a DHCP allocated address which is an interesting point. I
>just want to know what most people do here.

VPNs and SSH tunnels are often used to get "virtually inside" the security
perimeter before allowing access to everything else.

-- 
Barry Margolin, barry.margolin@level3.com
Genuity Managed Services, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
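
Added example, not part of the original post: a small audit that reads iptables-save style INPUT rules and reports administrative ports that are accepted from any source address, which is the setup the question describes. The rule set, the port numbers and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save syntax (not from the original post).
SAMPLE_RULES = """\
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3389 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp -m multiport --dports 22,8443 -j ACCEPT
-A INPUT -j DROP
"""
# Assumption: these stand in for "ports we use to administer the server".
ADMIN_PORTS = {22, 3389, 8443}


def _ports(spec):
    """Expand an iptables port spec such as '22', '22,8443' or '8000:8010'."""
    found = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        found.update(range(int(lo), int(hi or lo) + 1))
    return found


def open_admin_rules(rules_text, admin_ports=ADMIN_PORTS):
    """Return (port, rule) pairs where an admin port is accepted from anywhere."""
    findings = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok, tok[1:]))  # each option -> the token after it
        spec = opts.get("--dport") or opts.get("--dports")
        # Rules without a port match and negated (!) matches are out of scope.
        if opts.get("-j") != "ACCEPT" or spec is None:
            continue
        # No -s at all means the same as -s 0.0.0.0/0: any source is allowed.
        source = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        if source.prefixlen != 0:
            continue  # restricted to a range or a single host
        for port in sorted(_ports(spec) & set(admin_ports)):
            findings.append((port, line))
    return findings


if __name__ == "__main__":
    for port, rule in open_admin_rules(SAMPLE_RULES):
        print(f"admin port {port} reachable from any IP: {rule}")
```
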

