Firewall Wizards mailing list archives
Re: tunnel vs open a hole
From: Dave Rinker <firewall () dsrtech com>
Date: 07 Apr 2003 15:55:35 -0400
I would have to concur with the majority. Opening a new port, hardening the host and beefing up the log monitors to this host looks to be the best solution. I believe we all have "swiss cheese" firewalls in one regard or another. I personally dislike my cheesy FW but have to deal with it just the same. The best we can do is log, monitor, and more monitoring and catch it the moment it happens. At least this way we can lock down the port or host and prevent a disaster.

Good topic! Thanks.

On Mon, 2003-04-07 at 11:21, Anton A. Chuvakin wrote:
All,

Thanks for lots of great responses! Before asking the question, it seemed to me that opening a port also made more sense, and now I am even more convinced of that.

As port 80 usually means http: Never do that. If you want to

Certainly. However, surely people started to httptunnel not just because it was a fun thing to do? I suspect it was in part due to the fact that in some environments, admins were really hard to convince that opening another port is possible WHILE allowing almost unrestricted web access. It might seem like a contradiction in their security policy, but surely you'd know of places where it is done exactly like that.

Additionally, what if opening a port turns into "let's open yet another port in our swiss-cheese firewall and pray this application can't be exploited"? Will tunneling be justified in this case? Will it not reduce security a bit less than opening a port?

Best,