Firewall Wizards mailing list archives
Re: Too Paranoid?
From: Flemming Laugaard <flemming () laugaard dk>
Date: Sun, 29 Sep 2002 23:07:43 +0200
Hi Jim
vendor of this lash-up wanted me to punch a hole through the firewall for port 443.
If you allow this configuration, you are unable to analyze what's going on. You have no way of analyzing the port 443 traffic. The provider _must_ be able to use a proxy. If not, the application is not worth getting on your network, security-wise.

The provider must:
- Document their application
- Document the computer configuration
- Document the security measures taken to secure the system
- Prove to you that the system is secure
- Explain their (imho) poor platform choice

If this server really is needed in your company, I would place it on a separate interface on the firewall, and be _really_ strict in the firewall's rulebase.

Hope you understand what I wrote. I'm not a native English speaking person.

--
Kind regards
Flemming Laugaard
------------------------------------
Prof: So the American government went to IBM to come up with a data encryption standard and they came up with ...
Student: EBCDIC!"
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Too Paranoid? Jim Seymour (Sep 29)
- Re: Too Paranoid? Paul D. Robertson (Sep 29)
- Re: Too Paranoid? James Triplett (Sep 29)
- Re: Too Paranoid? R. DuFresne (Sep 29)
- Re: Too Paranoid? Dave Piscitello (Sep 29)
- Re: Too Paranoid? Frederick M Avolio (Sep 29)
- Re: Too Paranoid? Dave Piscitello (Sep 29)
- Re: Too Paranoid? Bennett Todd (Sep 30)
- Re: Too Paranoid? Adam Shostack (Sep 30)