Firewall Wizards mailing list archives
Re: Trust an IP? (IPTables)
From: Daniel Linder <dan_linder () yahoo com>
Date: Wed, 30 Apr 2003 20:45:55 -0700 (PDT)
--- Chris de Vidal <cdevidal () yahoo com> wrote: [snip -- Dan]
Locking it to the MAC address might be even better, but perhaps even that can be spoofed. That's why I'm asking the pros.
This will only work if the device on the outside is on the same switch as the firewall. If you are backing up over the Internet (or a router hop away), then the MAC address that your firewall will see will be the router's...
So is it safe to trust an IP to connect to one port, ala the old r* tools? If not, what is a good alternative?
If you trust that all the networking equipment between your backup server and the client is secure then you are reasonably safe. A better solution might be to set up some sort of authenticated VPN connection between the client and backup server. An IPSec/PPTP/L2TP VPN would be a much more secure way to achieve this. If you use the VPN solution, make sure to put some sort of firewalling on the system which is inside the firewall -- if the client on the outside would get compromised, then the VPN tunnel would be an open route to your internal network.

Dan
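An added example, not part of the original message: a shell function that prints an iptables-restore ruleset for the system receiving the backup connection, admitting one peer address on one TCP port on a given interface and logging and dropping everything else that arrives there. The interface names, the address 203.0.113.10, port 10080 and the MAC address are constructed placeholders.

```shell
#!/bin/sh
# Added example. Interface names, addresses, port and MAC are constructed
# placeholders, not values from the thread.

# backup_ruleset IFACE PEER_IP PORT [PEER_MAC]
# Prints an iptables-restore ruleset for the system that receives the backup
# connection, whether IFACE is an Ethernet port or a VPN tunnel interface.
backup_ruleset() {
    iface=$1 peer_ip=$2 port=$3 peer_mac=${4:-}

    # Reject malformed input instead of emitting a ruleset that fails to load.
    case $iface in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    case $peer_ip in ''|*[!0-9.]*) echo "bad peer address" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port" >&2; return 1
    fi

    # A MAC match only helps when the peer is on the same layer-2 segment;
    # one router hop away, every packet carries the router's MAC.
    mac_match=
    if [ -n "$peer_mac" ]; then
        case $peer_mac in *[!0-9A-Fa-f:]*) echo "bad MAC" >&2; return 1 ;; esac
        mac_match=" -m mac --mac-source $peer_mac"
    fi

    cat <<EOF
*filter
:INPUT DROP [0:0]
# FORWARD stays DROP so nothing arriving on $iface is routed further inside.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $iface -s $peer_ip$mac_match -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $iface -j LOG --log-prefix "backup-if-drop: "
-A INPUT -i $iface -j DROP
COMMIT
EOF
}

# Check the syntax without loading it (needs root):
#   backup_ruleset ppp0 203.0.113.10 10080 | iptables-restore --test
```

On a tunnel interface such as ppp0 leave the MAC argument off; the log prefix makes dropped tunnel traffic easy to find if the outside client starts probing other ports.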