1999-03-02-22:59:24 Larry Cannell: > I can appreciate the concern you have regarding DNS. I am wondering how > would you support applications that NEED the DNS information (apps like > NetMeeting which does not have proxy support and needs to connect to any > number of external data conference servers). Easy: I don't allow them through high-security firewalls. If their availability were presented as a requirement, I'd place a client machine on which to run the netmeeting client app on the DMZ, and set up ssh tunnels to that sacrificial client through the high-security firewall. Apps for which no proxy is available and which have no documented security design do not go through the high-security firewall. -Bennett - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
- Re: Are there security downsides to allowing out... Bennett Todd
- RE: Are there security downsides to allowin... Larry Cannell
- Re: Are there security downsides to all... Jason Haar
- Re: Are there security downsides to... Larry Chin
- Re: Are there security downside... Jason Haar
- Re: Are there security dow... Ming Lu
- Re: Are there security dow... Larry Chin
- Re: Are there security... Jean-Christophe Touvet
- Re: Are there security... Richard Reiner
- Re: Are there security dow... Jean-Christophe Touvet
- RE: Are there security downsides to all... Bennett Todd
- RE: Are there security downsides to... Larry Cannell
- RE: Are there security downsides to all... Mike Batchelor
- RE: Are there security downsides to allowing out... Ng, Kenneth
- RE: Are there security downsides to allowing out... Magowan, Richard M. (ITS)
- RE: Are there security downsides to allowing out... Paul Gracy
