Re: monitoring and controlling servers on internet segment

["Shimon Silberschlag" <shimons () bll co il>]

My mistake for not spelling this out. The intermediary IS located in a DMZ
on the FW, and accepts only the monitored traffic from the other servers.

Will such a setup be regarded "secure enough"? Is it done in practice?

Shimon Silberschlag

+972-3-9351572
+972-51-207130


----- Original Message ----- 
From: "Yinal Ozkan" <Yinal.Ozkan () Integralis Com>
To: "'Shimon Silberschlag'" <shimons () bll co il>;
<firewall-wizards () honor icsalabs com>
Sent: Tuesday, May 04, 2004 15:19
Subject: RE: [fw-wiz] monitoring and controlling servers on internet segment


> Hi Shimon,
> That is why you have DMZs.  Yes it is not a good idea to not to open
inbound
> traffic. Actually it is not good to open any traffic from outside. On the
> other hand, an intermediary server on the untrusted network is vulnerable
as
> other hosts.
>
> A better approach is the locate the intermediary server on a different DMZ
> protected by the firewall. This setup will protect the intermediary from
any
> exploit that does not use the monitoring traffic (e.g. sasser) And also,
if
> this host is ever compromised (which is possible) after internet hosts,
your
> trusted network will be behind the firewall.
>
> cheers,
> - yinal
>
> Yinal OZKAN
>
> INTEGRALIS
> http://www.integralis.com
> 1-877-557-1475
>
>
>
>
> -----Original Message-----
> From: Shimon Silberschlag [mailto:shimons () bll co il]
> Sent: Tuesday, May 04, 2004 5:53 AM
> To: firewall-wizards () honor icsalabs com
> Subject: [fw-wiz] monitoring and controlling servers on internet segment
>
>
> Lets say that a client have various servers on an internet segment, which
is
> separated from the internal network with a firewall.
> The client wants to have an agent reporting various events back to the
> management center, which is on the internal net. The protocol in use uses
> fixed ports, and is encrypted with mutual authentication between machines.
> The client does not want to open up all servers to the internal net, so he
> puts an intermediary server on the internet segment, which gets the
reports
> from all internet servers, and pushes them to the management center on the
> inside. There is no option to poll the intermediary.
> The only other option is to install a separate management center for the
> internet segment, with the associated costs in purchase and maintenance.
>
> Would using such a setup (the intermediary one) constitute good, bad or
best
> practice?
>
>
> Shimon Silberschlag
>
> +972-3-9351572
> +972-51-207130
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
>
> Please note that:
>
> 1. This e-mail may constitute privileged information. If you are not the
intended recipient, you have received this confidential email and any
attachments transmitted with it in error and you must not disclose, copy,
circulate or in any other way use or rely on this information.
> 2. E-mails to and from the company are monitored for operational reasons
and in accordance with lawful business practices.
> 3. The contents of this email are those of the individual and do not
necessarily represent the views of the company.
> 4. The company does not conclude contracts by email and all negotiations
are subject to contract.
> 5. The company accepts no responsibility once an e-mail and any
attachments is sent.
> http://www.integralis.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards