Firewall Wizards mailing list archives

Re: Opening ports in Firewall

From: Frank Willoughby <frankw () in net>
Date: Fri, 16 Oct 1998 14:05:00 -0500

At 08:35 AM 10/16/98 -0500, Hines Dennis wrote:

Aside from IP tunneling, what are the risks associated with opening an
outbound port, say 7100, in a firewall to support an application that makes
a direct connection to a site on the Internet (via IP address) for the
purpose of say downloading software updates.  What are the risks if the
firewall is an SPF, proxy, or packet filter - (with or without NAT).


One of the risks is that someone may spoof the software update site and
have you download a program containing a trojan horse, logic bomb, worm,
virus, or any of a multitude of undesired functionalities.

Thanks for the insight,

Dennis

---
Dennis Hines
dennis.hines () columbia net
---


Best Regards,


Frank
The opinions of the author of this mail may not necessarily be 
representative of the opinions of Fortifed Networks, Inc.

(c) Fortified Networks, Inc. - http://www.fortified.com/
Home of the Free Internet Firewall Evaluation Checklist
Expert (vendor-neutral) Computer and Network Security Solutions
Fixed Price Contracts - Expert Information Security Officers
Phone: (317) 573-0800     Fax: (317) 573-0817

Current thread:

Opening ports in Firewall Hines Dennis (Oct 16)
- Re: Opening ports in Firewall Frank Willoughby (Oct 19)
- Re: Opening ports in Firewall Frank Willoughby (Oct 23)