Re: tunnel vs open a hole

[Dave Rinker <firewall () dsrtech com>]

I would have to concur with the majority. Opening a new port, hardening
the host and beefing up the log monitors to this host looks to be the
best solution.

I believe we all have "swiss cheese" firewalls in one regard or another.
I personally dislike my cheesy FW but have to deal with it just the
same. The best we can do is log, monitor, and more monitoring and catch
it the moment it happens. At least this way we can lock down the port or
host and prevent a disaster. 

Good topic! thanks.



On Mon, 2003-04-07 at 11:21, Anton A. Chuvakin wrote:
> All,
>
> Thanks for lots of great responses! Before asking the question, it seemed
> to me that opening a port also made more sense, and now I am even more
> convinced of that.
>
> >  As port 80 usually means http: Never do that. If you want to
> Certainly.
>
> However, surely people started to httptunnel not just because if was a fun
> thing to do? I suspect it was in part due to the fact that in some
> environments, admins were reallly hard to convince that opening another
> port is possible WHILE allowing almost unrestructred web access. It might
> seem like a contradiction in their security policy, but surely you'd know
> of places where it is done exactly like that. Additionally, what if
> opening a port turns into "lets open yet another port in our swiss-cheese
> firewall and pray this application can't be exploited"?  Will tunneling be
> justified in this case? Will it not reduce security a bit less than
> opening a port?
>
> Best,

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards