Firewall Wizards mailing list archives
RE: Re: Air Gaps vs. Firewalls
From: Ryan Russell <ryan () securityfocus com>
Date: Wed, 4 Oct 2000 09:57:02 -0700 (PDT)
On Tue, 3 Oct 2000, Rick Smith wrote:
In other words you're trying to restrict the URLs *at the firewall* to match the anticipated properties of the web applications being restricted on one side or the other. This sounds very similar to strategies we tried with DBMS proxies a few years back.
You're right, this would be really, really hard to get right, and match the web app. Heck, if you could get the specs good enough that you could spell out the URL formats allowed, you could probably get it right at the web server. Never hurts to have a backup enforcer, though.

Where something like this would really be fun is in a situation where the firewall admin/security officers/whatever is supposed to approve new web apps. This would actually give them a way to enforce the policy.

I used to have a problem at a previous job with systems administrators attaching new machines to the DMZ, thinking they were going to go live. They could get an address, and figure out which port to plug into on the switch, but they got nowhere until I changed the firewall config. (After completing the lockdown/review process that was supposed to happen before they got that far, of course.)

Ryan

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards