Subject: | |
From: | |
Reply To: | |
Date: | Tue, 31 Jul 2001 09:27:48 +0200 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Tom Emerson wrote:
> or "break through" and affect internal traffic. If the firewall
provides
> other services (such as file or print sharing), the loss of those
services
> while the system is being rebooted could be intolerable.
It is my personal oppinion that any service you want to run at the
firewall is at risk, and can leave open security flaws, or whatever.
A firewall must be a box where nothnig but the firewall itself exists...
and the access policies have to be clearly defined and enforced.
Put any file sharing mechanism on it (SAMBA, NFS, or whatever), and not
only the firewall, but the systems it serves are at risk.
Use a cheap 486 or Pentium 75-200 CPU with Linux and a couple of network
interfaces, and do not risk any of your valuable bits.
Hope this helps.
-- Andres j. Ogayar
-- I.T. Department
-- Raytheon Microelectronics Espaņa (Malaga, Spain)
-- +34.95.224.92.27
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
|
|