Firewall Wizards mailing list archives

RE: Sources for Extranet Designs?

From: "Wes Noonan" <mailinglists () wjnconsulting com>
Date: Mon, 23 Feb 2004 10:50:58 -0600

Just to add some fuel to the fire, I agree with Ron. Security seems almost
secondary to many B2B implementations. Almost a "if we trust them to
partner, why worry" kind of attitude. 

If you want to look at things that you can do though, there is a relatively
short bullet list[1]:

Use VPNs between sites
Terminate VPNs into DMZs
Implement firewalls at the termination point
Grant access only to those resources in the DMZ that each company needs
access to
Never grant access to your production network or resources

[1] This is by no means an exhaustive list, but at least give a starting
point. The devil of course is in the details.

Wes Noonan
mailinglists () wjnconsulting com  
http://www.wjnconsulting.com  
Hardening Network Infrastructure - A concise how to guide
Available Spring 2004
Order at http://tinyurl.com/2nof4

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-
admin () honor icsalabs com] On Behalf Of R. DuFresne
Sent: Monday, February 23, 2004 09:38
To: Baumann, Sean C.
Cc: Paul Robertson; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Sources for Extranet Designs?

Most that I have read on B2B architectures for extranets covered security,
if they covered security at all, did so in such a minimalist way as to be
of no real consequence.  Functionality is the main concern of most the
wiriteups I've seen, or manuals on such.  Perhaps the best forums for what
you appear to be seeking are right here at your e-mailing fingertips just
awaiting clarification of the information you seek.  I think that was the
context of Paul's reply.

B2B/extranet/VPN solutions, all over blown and over used terms and
technologies that far too often really do not mitigate any og the risks
they are implimented for.

Thanks,

Ron DuFresne

On Mon, 23 Feb 2004, Baumann, Sean C. wrote:

I wasn't particularly looking for a solution, or product.  I was looking
for a comprehensive discussion on network and security architectures for
extranets (B2B), not necessarily available on the web (print is
acceptable).  Instead, I got a plethora of condescending email replies
that gave me little or no information, which did not answer my (probably
not well written) question.  I'll make sure I am more specific in the
future, so I don't get bombarded with "Didn't you google," or "Didn't
they teach you that in _____."

Regards,
Sean

-----Original Message-----
From: Paul Robertson [mailto:proberts () patriot net]
Sent: Sunday, February 22, 2004 11:00 AM
To: Baumann, Sean C.
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Sources for Extranet Designs?

On Fri, 20 Feb 2004, Baumann, Sean C. wrote:

Can someone direct me to some decent information on designing extranet
connections?


I think it's better if we start out with you describing what you're
trying
to accomplish.  Terms like "extranet" have been so overloaded for so
long
that the idea you have could be completely different than the one anyone
else does.

Paul
------------------------------------------------------------------------
-----
Paul D. Robertson      "My statements in this message are personal
opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure
Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Sources for Extranet Designs? Baumann, Sean C. (Feb 21)
- Re: Sources for Extranet Designs? Paul Robertson (Feb 22)
- <Possible follow-ups>
- RE: Sources for Extranet Designs? Baumann, Sean C. (Feb 23)
  - RE: Sources for Extranet Designs? Paul Robertson (Feb 23)
  - RE: Sources for Extranet Designs? R. DuFresne (Feb 23)
    - RE: Sources for Extranet Designs? Wes Noonan (Feb 23)
    - RE: Sources for Extranet Designs? Marcus J. Ranum (Feb 23)
- RE: Sources for Extranet Designs? Don Parker (Feb 23)
- RE: Sources for Extranet Designs? Behm, Jeffrey L. (Feb 23)
  - RE: Sources for Extranet Designs? Wes Noonan (Feb 23)
- RE: Sources for Extranet Designs? Frederick M Avolio (Feb 23)
- RE: Sources for Extranet Designs? Baumann, Sean C. (Feb 23)
  - RE: Sources for Extranet Designs? Wes Noonan (Feb 23)
    - RE: Sources for Extranet Designs? Bob Alberti (Feb 23)
    - RE: Sources for Extranet Designs? Wes Noonan (Feb 23)
  - RE: Sources for Extranet Designs? Daniel Linder (Feb 23)

(Thread continues...)