Firewall Wizards mailing list archives
Re: Too Paranoid?
From: "Paul D. Robertson" <proberts () patriot net>
Date: Sun, 29 Sep 2002 12:25:27 -0400 (EDT)
On Sun, 29 Sep 2002, Jim Seymour wrote:
> Hi,

Hi Jim,

> it. Proprietary server software runs on this server and proprietary software to talk to the server runs on one-or-more MS-Win desktops. They use ActiveX controls. The server, in turn, must communicate

What protocols does the desktop<->server stuff need? It seems to me that the best bet would be to put the 2k server outside the firewall on a service network and allow the clients to go out and access it, but this assumes some level of control over the client<->server protocol (if it's just TCP-based one-off stuff, I think you're still better off; if it needs NetBIOS or RPC, then it's probably just going to suck no matter what).

> Here's the problem. Certain third-party modules the server software uses to communicate to other servers on the 'net don't seem to be able to deal with the proxy server on the firewall. They're given the IP address and port number, but they won't work that way. The vendor of this lash-up wanted me to punch a hole through the firewall for port 443.

Even if they tunneled well, I'd still want the thing cordoned off from my internal network and forced to talk nicely with the specific desktop clients. I've had this fight with personnel/benefits systems before, and once we got to the "it needs these two TCP ports" place, isolating it wasn't all that difficult.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson
proberts () patriot net
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
"My statements in this message are personal opinions which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards