Firewall Wizards mailing list archives
Re: DMZ best practices
From: Security <NTSecurity () pointnet nl>
Date: Wed, 20 Jan 1999 09:40:22 +0100
My comments on Dominique Brezinski about Having ID sensors outside the firewall... There are three reasons why having ID sensors outside the firewall is important: 1. Many people want to know what is happening there. Is the firewall well configured? Is it very often under attack? 2. I think the most valuable feature of a well-configured ID system is the ability to react on an attack or misuse. For instance, when a portscan on the firewall is detected, the firewall can block the IP address of the intruder for a while. 3. In case of a DMZ protected by the firewall (3rd NIC), the firewall will not protect the servers in the DMZ against attacks as vulnerable CGI scripts E-mail-WIZ, etc. An ID system outside the firewall can reconfigure the firewall or kill the TCP-connection to prevent this. Arjen Rijpma PointNet Security Systems. Postbus 337, 2400 AH Alphen aan den Rijn, Netherlands Tel: +31 (0)172-424081 Fax: +31 (0)172-426184 http://www.veilig.net E-mail: A.Rijpma () pointgroup nl
Current thread:
- DMZ best practices Perry, David (Jan 15)
- Re: DMZ best practices Bennett Todd (Jan 19)
- <Possible follow-ups>
- Re: DMZ best practices John Kozubik (Jan 18)
- Re: DMZ best practices Jeromie Jackson (Jan 19)
- Re: DMZ best practices Amos Hayes (Jan 20)
- Re: DMZ best practices Dominique Brezinski (Jan 19)
- Re: DMZ best practices Jeromie Jackson (Jan 19)
- Re: DMZ best practices Bill_Royds (Jan 19)
- RE: DMZ best practices Andreas Haug (Jan 20)
- Re: DMZ best practices John Kozubik (Jan 20)
- Re: DMZ best practices Security (Jan 20)
- Re: DMZ best practices Dominique Brezinski (Jan 21)
- RE: DMZ best practices Bill_Royds (Jan 21)
- RE: DMZ best practices Andreas Haug (Jan 26)
- Re: RE: DMZ best practices Robert MACDONALD (Jan 21)
- Re: RE: DMZ best practices Joseph S D Yao (Jan 26)
- RE: DMZ best practices Security (Jan 26)
- RE: DMZ best practices Dominique Brezinski (Jan 26)
- RE: DMZ best practices David LeBlanc (Jan 27)
- DMZ best practices Arjen Rijpma (Jan 26)
- RE: DMZ best practices John Kozubik (Jan 28)