HP3000-L Archives

July 2001, Week 5

HP3000-L@RAVEN.UTC.EDU

From: "Andres j. Ogayar" <[log in to unmask]>
Date: Tue, 31 Jul 2001 09:27:48 +0200

Tom Emerson wrote:
> or "break through" and affect internal traffic.  If the firewall provides
> other services (such as file or print sharing), the loss of those services
> while the system is being rebooted could be intolerable.

   It is my personal opinion that any service you want to run at the
firewall is at risk, and can leave open security flaws, or whatever.

   A firewall must be a box where nothing but the firewall itself exists...
and the access policies have to be clearly defined and enforced.

   Put any file sharing mechanism on it (SAMBA, NFS, or whatever), and not
only the firewall, but the systems it serves are at risk.

   Use a cheap 486 or Pentium 75-200 CPU with Linux and a couple of network
interfaces, and do not risk any of your valuable bits.

   Hope this helps.

    -- Andres j. Ogayar
    -- I.T. Department
    -- Raytheon Microelectronics España (Malaga, Spain)
    -- +34.95.224.92.27



