Educause Security Discussion mailing list archives
Re: firewall holes for particular machines
From: Brian Kaye <bdk () UNB CA>
Date: Wed, 13 May 2009 11:38:04 -0300
Are you talking about an institutional firewall or host based firewalls? Would you be doing a DNS query for every packet that arrives? Even if an intelligent scheme is used this would be a big load on the hosts, the firewall and the DNS. ......Brian Kaye ......UNB On Wed, 13 May 2009, Kevin Shalla wrote:
Date: Wed, 13 May 2009 09:27:53 -0500 From: Kevin Shalla <kshalla () UIC EDU> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] firewall holes for particular machines I've been working with some people to set up firewall rules to allow particular IP addresses. We're going to be changing many IP addresses soon, but keeping the same hostnames for them, so I suggested setting the firewall rules to use hostnames instead, so that there would be no downtime, and less maintenance the next time IP addresses change. My thinking is that there isn't much security that's added by using IPs instead of hostnames, and using hostnames would slightly increase the processing needed, but hostnames are more convenient. Am I missing something?
Current thread:
- firewall holes for particular machines Kevin Shalla (May 13)
- <Possible follow-ups>
- Re: firewall holes for particular machines Chris Schenk (May 13)
- Re: firewall holes for particular machines Brian Kaye (May 13)
- Re: firewall holes for particular machines Di Fabio, Andrea (May 13)
- Re: firewall holes for particular machines F.M. Taylor (May 13)
- Re: firewall holes for particular machines Kevin Wilcox (May 13)
- Re: firewall holes for particular machines Chris Green (May 13)
- Re: firewall holes for particular machines David Gillett (May 13)
- Re: firewall holes for particular machines Gary Flynn (May 13)
- Re: firewall holes for particular machines Megan Carney (May 13)
- Re: firewall holes for particular machines leo song (May 14)
- Re: firewall holes for particular machines Zach Jansen (May 14)
- Re: firewall holes for particular machines Kevin Wilcox (May 14)
(Thread continues...)