Penetration Testing mailing list archives
Re: publications concerning port forwarding
From: "Brendan Murray" <xasperated () gmail com>
Date: Wed, 11 Apr 2007 16:24:48 +1200
On 4/11/07, Jason L. Ellison <infotek () datasync com> wrote:
List, I'm currently doing work for a large company as a consultant. Another consultant is installing a MS Exchange server and is now requesting for me to forward ports on the PIX from the Internet to internal servers. I have explained that port forwarding is very risky but they don't seem to understand. Are there any publications that can be used to show the link between port forwarding and bad security posture. I've scoured and found nothing (maybe its to obvious to document?)...
I must be misunderstanding what you're asking. Without port forwarding then there will be no network facing services. So port forwarding isn't bad in and of itself. Indiscriminate port forwarding would be a bad thing. If you're asking about forwarding from the internet through your dmz to an internal network, then that's an issue of firewall placement and routing, and most any good firewall book will cover the issues there. As usual, refer to the implementation plan and the site security policy. The PIX is there to implement policy. And since its a large company it will have robust policies. Right? Brendan
-Jason Ellison ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- publications concerning port forwarding Jason L. Ellison (Apr 10)
- Re: publications concerning port forwarding Ben Nell (Apr 10)
- Re: publications concerning port forwarding vtlists (Apr 11)
- Re: publications concerning port forwarding Brendan Murray (Apr 10)
- RE: publications concerning port forwarding Wiedemann, Adrian (Apr 11)
- RE: publications concerning port forwarding Jason L. Ellison (Apr 11)
- RE: publications concerning port forwarding Wiedemann, Adrian (Apr 11)
- Message not available
- RE: publications concerning port forwarding Wiedemann, Adrian (Apr 11)
- RE: publications concerning port forwarding Jason L. Ellison (Apr 13)
- RE: publications concerning port forwarding Jason L. Ellison (Apr 11)
- Re: publications concerning port forwarding Ben Nell (Apr 10)
- <Possible follow-ups>
- RE: publications concerning port forwarding Jason Rahl (Apr 11)
- RE: publications concerning port forwarding Thomas W Shinder (Apr 13)
- Re: publications concerning port forwarding vtlists (Apr 13)
- Re: publications concerning port forwarding Thor (Hammer of God) (Apr 13)