Re: Should a firewall ONLY allow access to an IP range - as well as blocking ports?

From: B. Switzer (bswitzer@myprivacy.ca)
Date: 02/23/03


From: "B. Switzer" <bswitzer@myprivacy.ca>
Date: Sun, 23 Feb 2003 03:18:19 -0500


"sponge" <yosponge@yahoo.com> wrote in message
news:8d76ec03.0302191523.308c5116@posting.google.com...
> On Wed, 19 Feb 2003 18:30:08 +0000 (UTC), "adeveloper"
> <adeveloper@test.com> wrote:
>
> >Just to provide some more details that don't seem to have been clear from
> >the last post (see below):
> >We do have a firewall but it is set up to let all IPs access the open
> >ports - we can and know how to restrict this to only allowed IPs but the
> >question is should we. The decision I am considering is should we restrict
> >access on ports we use to administer the server to an IP range only?
> >

Absolutely. No public access to administration ports - period, except where you
have a 3rd party service provider, and they put specific port / IP
restrictions and IPsec or equivalent and secure passwords.

Allow access unrestricted internally (restrict if you like) and force
administrators calling in from outside to validate themselves by using
appropriate methods. VPN, PC Anywhere, direct dial to private network,
whatever.
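
Added example, not part of the original post: a small audit that flags allow rules exposing administration ports to sources outside approved ranges, which is the restriction recommended above. The ruleset, the admin port list and the trusted ranges are constructed assumptions (documentation address ranges), and the check is per rule, not a model of any particular firewall's rule ordering.

```python
import ipaddress

# Constructed sample ruleset (assumption): (action, source CIDR, destination port)
RULES = [
    ("allow", "0.0.0.0/0", 80),          # public web service, fine to expose
    ("allow", "0.0.0.0/0", 22),          # admin port open to every source
    ("allow", "198.51.100.0/24", 3389),  # admin port, service provider range
    ("allow", "10.1.0.0/16", 5631),      # admin port, internal network
    ("allow", "198.51.100.0/22", 22),    # wider than the approved provider range
    ("deny", "0.0.0.0/0", 3389),         # deny rules are not findings
]

# Assumed administration ports: SSH, RDP, pcAnywhere
ADMIN_PORTS = {22, 3389, 5631}

# Assumed approved management sources: internal network and provider range
TRUSTED = ["10.0.0.0/8", "198.51.100.0/24"]


def audit(rules, admin_ports, trusted):
    """Return (source, port) for each allow rule on an admin port whose
    source network is not fully contained in a trusted range."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for action, src, port in rules:
        if action != "allow" or port not in admin_ports:
            continue
        net = ipaddress.ip_network(src)
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first
        contained = any(
            net.version == t.version and net.subnet_of(t) for t in trusted_nets
        )
        if not contained:
            findings.append((src, port))
    return findings


if __name__ == "__main__":
    for src, port in audit(RULES, ADMIN_PORTS, TRUSTED):
        print(f"admin port {port} reachable from untrusted source {src}")
```
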