Educause Security Discussion mailing list archives
Re: Too Many Exceptions in the Firewall
From: Graham Toal <gtoal () UTPA EDU>
Date: Wed, 1 Nov 2006 08:45:21 -0600
We attempt to offer centralized services for web hosting, database services, etc. The problem seems to be that the faculty wants to be able to touch the systems providing the hosting and be able to show off their quad-core Apple servers pulsing in their office. They also go right to the top (CIO) and fuss, causing him in turn to ask us to fix it immediately... therefore causing the firewall exception. Our worry is that this exception will soon be (or already is) out of hand and faculty will spread the word of these exceptions.
Personally I don't see a security issue with remote access (ssh, remote desktop, encrypted VNC) as long as you have good passwords and current patches. Basically it's the same as someone sitting at their desk. Now if you allow file sharing, or general X windows calls, across the perimeter that's a different issue, but just basic simulated sitting-at-the-keyboard access shouldn't be a show-stopper.

I would suggest solving your problem by opening up the remote desktop port (or ssh, or whatever you use) to all machines and not get in the position of requiring exceptions, which as you know are hard to manage.

The only downside I'm aware of is that if you don't generally allow *any* incoming ports, then if one is open to everyone, you might get people reusing that port for other purposes such as a p2p listener.

Graham