Firewall Wizards mailing list archives

Re: DMZ best practices


From: Security <NTSecurity () pointnet nl>
Date: Wed, 20 Jan 1999 09:40:22 +0100

My comments on Dominique Brezinski about having ID sensors outside the
firewall...

There are three reasons why having ID sensors outside the firewall is
important:

1. Many people want to know what is happening there. Is the firewall
well configured? Is it very often under attack?
2. I think the most valuable feature of a well-configured ID system is
the ability to react to an attack or misuse. For instance, when a portscan
on the firewall is detected, the firewall can block the IP address of the
intruder for a while.
3. In case of a DMZ protected by the firewall (3rd NIC), the firewall
will not protect the servers in the DMZ against attacks such as vulnerable CGI
scripts, E-mail-WIZ, etc. An ID system outside the firewall can reconfigure
the firewall or kill the TCP connection to prevent this.


Arjen Rijpma
PointNet Security Systems.


Postbus 337, 2400 AH Alphen aan den Rijn, Netherlands
Tel: +31 (0)172-424081 Fax: +31 (0)172-426184
http://www.veilig.net  E-mail: A.Rijpma () pointgroup nl
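
The reaction described in point 2 (detect a portscan, block the source "for a while"), as an added example that is not part of the original message. The log format, thresholds, addresses and the `process` function are assumptions made for illustration; the code only computes block decisions and does not talk to any firewall.

```python
from collections import defaultdict, deque

# Constructed sample of firewall drop-log lines: "<epoch> <src_ip> <dst_port>".
# Format and addresses (RFC 5737 documentation ranges) are assumptions.
SAMPLE_LOG = """\
100 203.0.113.7 21
101 203.0.113.7 22
102 203.0.113.7 23
103 198.51.100.9 80
104 203.0.113.7 25
105 192.0.2.1 53
106 192.0.2.1 110
107 192.0.2.1 143
108 192.0.2.1 443
400 203.0.113.7 80
800 203.0.113.7 80
"""

WINDOW = 10        # seconds over which distinct destination ports are counted
THRESHOLD = 4      # distinct ports within WINDOW that count as a scan
BLOCK_SECS = 600   # "for a while": every block carries an expiry
ALLOWLIST = {"192.0.2.1"}  # never auto-blocked; source addresses can be spoofed

def process(log_text):
    """Return (time, action, ip) events, where action is BLOCK, DROP or UNBLOCK."""
    recent = defaultdict(deque)   # ip -> (time, port) pairs still inside WINDOW
    blocked = {}                  # ip -> expiry time of its block
    events = []
    for line in log_text.splitlines():
        ts, ip, port = line.split()
        ts, port = int(ts), int(port)
        # Expire old blocks first so no block outlives BLOCK_SECS.
        for b_ip, expiry in list(blocked.items()):
            if ts >= expiry:
                del blocked[b_ip]
                events.append((expiry, "UNBLOCK", b_ip))
        if ip in blocked:
            events.append((ts, "DROP", ip))
            continue
        q = recent[ip]
        q.append((ts, port))
        while q and q[0][0] <= ts - WINDOW:   # slide the window forward
            q.popleft()
        if ip not in ALLOWLIST and len({p for _, p in q}) >= THRESHOLD:
            blocked[ip] = ts + BLOCK_SECS
            events.append((ts, "BLOCK", ip))
    return events
```

The allowlisted host crosses the same threshold in the sample but is never blocked, which is the guard that keeps a forged source address from turning the automatic block against your own upstream systems.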


