Educause Security Discussion mailing list archives
Re: Stateful Perimeter Firewall
From: Cal Frye <cjf () CALFRYE COM>
Date: Tue, 13 Oct 2009 12:08:40 -0400
Dean Halter wrote:
We are considering setting up our firewalls in a stateful, default deny manner. Is it problematic for certain types of software – p2p, grid, etc.? Is this, as some of our folks say, too corporate?
Hi, Dean,

There have been many good replies to your questions. One very important feature is having internal firewalls in addition to one at the perimeter. I'll add just two little features we've done here.

1) Skype permits you to set a high-number port for inbound connections. It's a fairly simple matter for Skype users to make this setting in their preferences, but it does need to be set manually. This will permit you to close the perimeter without breaking Skype, if you care about that. I wish more applications had this option.

2) If you permit students to host game servers on your ResNet, you'll need a small portion of your address space where you can put them with no firewall protection. "Put all your eggs in one basket, and then watch that basket." Any unusual activity from these addresses is assumed to be evidence of a breach until proven otherwise ;-)

Small openings like this have great PR value.

-- Celebrating the 150th anniversary of the publication of the Origin of Species.
-- Cal Frye, Network Administrator, Oberlin College
Mudd Library, x.56930 -- CIT will NEVER ask you for your password!
www.calfrye.com, www.pitalabs.com

"Why make the same mistake twice, when there are so many new ones available?"
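The two openings described in the message above, sketched as a stateful default-deny forward policy. This is an added example, not part of the original post or Oberlin's configuration: nftables is an assumed platform, every address, port and interface name is a constructed placeholder, and the Skype point is read (as an assumption) as permitting the one chosen port inbound.

```nftables
#!/usr/sbin/nft -f
# Added example; all values below are constructed placeholders.
flush ruleset

define CAMPUS_NET = 198.51.100.0/24    # campus address space
define GAME_NET   = 198.51.100.240/28  # small unprotected slice for game servers
define SKYPE_PORT = 50123              # high port users set in Skype preferences
define WAN_IF     = "wan0"             # hypothetical interface names
define LAN_IF     = "lan0"

table inet perimeter {
    chain forward {
        # Default deny: anything not matched below is dropped (IPv6 included).
        type filter hook forward priority filter; policy drop;

        # "One basket": no filtering for the game-server slice, but every
        # new flow is logged so unusual activity can be reviewed.
        ip daddr $GAME_NET ct state new log prefix "gamenet-in "
        ip saddr $GAME_NET ct state new log prefix "gamenet-out "
        ip daddr $GAME_NET accept
        ip saddr $GAME_NET accept

        # Stateful part: replies to tracked connections pass, junk does not.
        ct state established,related accept
        ct state invalid drop

        # Connections initiated from inside the campus are allowed out.
        iifname $LAN_IF ip saddr $CAMPUS_NET ct state new accept

        # Single inbound opening for the manually configured Skype port.
        iifname $WAN_IF ip daddr $CAMPUS_NET meta l4proto { tcp, udp } th dport $SKYPE_PORT ct state new accept
    }
}
```

The ruleset can be syntax-checked without loading it using `nft -c -f <file>`.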