Educause Security Discussion mailing list archives

Re: firewall holes for particular machines


From: "F.M. Taylor" <fmtaylor () PURDUE EDU>
Date: Wed, 13 May 2009 10:39:58 -0400

Yes, one DNS hack and "all your base are belong to us".

On Wednesday 13 May 2009, Kevin Shalla formed electrons in this pattern:
> I've been working with some people to set up firewall rules to allow
> particular IP addresses.  We're going to be changing many IP
> addresses soon, but keeping the same hostnames for them, so I
> suggested setting the firewall rules to use hostnames instead, so
> that there would be no downtime, and less maintenance the next time
> IP addresses change.  My thinking is that there isn't much security
> that's added by using IPs instead of hostnames, and using hostnames
> would slightly increase the processing needed, but hostnames are more
> convenient.  Am I missing something?



-- 
......\\|//........^^^^^........)))((........%%%%%........,,,,,......
......(- -)........(o o)........(- o)........(0-0)........(* *)......     
+--ooO-(_)-Ooo--oo0-(_)-0oo--ooO-(_)-Ooo--oo0-(_)-0oo--ooO-(_)-Ooo--+
| F.M. (Mike) Taylor........'Recedite, plebes! Gero rem imperialem!'|
| 'Ecce potestas casei'..............GIAC GSEC & GCFW Certified.....|
| Desk: 765-494-1872.....................C: 765-409-8140............|
+-------------------------------------------------------------------+
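
Added example, not part of the original messages: Python that builds the firewall allow list only from reviewed, pinned addresses and uses DNS just to report when a hostname's answer no longer matches its pin, so an address change is reviewed before it reaches the rules. The hostnames, addresses, and function names are constructed for illustration.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Set

Resolver = Callable[[str], Set[str]]

# Constructed sample data: example hostnames and documentation-range addresses.
PINNED = {
    "db1.example.edu": {"192.0.2.10"},
    "app1.example.edu": {"192.0.2.20"},
    "old.example.edu": {"192.0.2.30"},
}
# Constructed DNS answers: app1 now returns a different address, old has no record.
FAKE_DNS = {
    "db1.example.edu": {"192.0.2.10"},
    "app1.example.edu": {"198.51.100.66"},
}

def fake_resolver(host: str) -> Set[str]:
    return set(FAKE_DNS.get(host, set()))

def system_resolver(host: str) -> Set[str]:
    """Resolve with the OS resolver; an empty set means the lookup failed."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_drift(pinned: Dict[str, Set[str]],
                resolve: Resolver = system_resolver) -> Dict[str, dict]:
    """Compare what DNS answers now with the reviewed addresses per host."""
    report = {}
    for host, approved in sorted(pinned.items()):
        live = resolve(host)
        status = "unresolvable" if not live else "match" if live == approved else "drift"
        report[host] = {"status": status,
                        "added": sorted(live - approved),
                        "missing": sorted(approved - live)}
    return report

def allowed_sources(pinned: Dict[str, Set[str]]) -> List[str]:
    """Addresses for the allow list: always the pins, never live DNS answers."""
    addrs = {ipaddress.ip_address(ip) for ips in pinned.values() for ip in ips}
    return [str(a) for a in sorted(addrs, key=lambda a: (a.version, int(a)))]

if __name__ == "__main__":
    for host, result in check_drift(PINNED, fake_resolver).items():
        print(host, result)
    print("allow list:", allowed_sources(PINNED))
```

A "drift" or "unresolvable" result is a prompt for a person to confirm the change and update the pin; the allow list itself does not move until that happens.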
