Depends how wide open you make the plug. If it's accessible from anywhere in hackerville,
you might want to double check the net to make sure there aren't any known vulnerabilities
in your applications. But, if it's only accessible from specific hosts, and these hosts
are also hardened, you shouldn't have more than your normal paranoia about those ports.

Also, you can secure these ports further by not making the plug bi-directional if the
only one establishing connection is your internal host(s) or vice versa. You can also
further protect your firewall by sandbagging it at the access router, blocking connections
there to ports from hosts you don't want even touching your box while allowing them access
to other ports like smtp and http.


At 12:00 AM 10/21/99 -0400, Ivan Fox wrote:
>>>>
We may need to open a port or two for "home-grown" applications, e.g. tcp-1234, tcp-2345, on a Checkpoint Firewall-1 v4.0. Would it cause any security concerns? Any comments/suggestions are greatly appreciated.

Thanks,

Ivan.

<<<<







Joel Gridley, CCNA, SOB "Be the packet."
Network Security/Firewall Specialist
GTE Internetworking, "Powered by BBN."
Burlington, MA
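
Added example (not part of the original thread, and not Firewall-1 syntax): a small first-match packet-filter model comparing a wide-open, bi-directional rule for tcp-1234 with one limited to specific source hosts in one direction. All addresses, host roles and rule layouts are constructed assumptions using documentation ranges.

```python
import ipaddress

ANY = "0.0.0.0/0"
APP = "192.0.2.10"           # constructed: internal host running the home-grown app
MAIL = "192.0.2.25"          # constructed: mail relay that stays publicly reachable
PARTNER = "198.51.100.0/28"  # constructed: the specific hosts that need the app

# Rule: (action, source net, destination net, destination TCP port or None for any).
# Source is always the side that establishes the connection.
WIDE_OPEN = [
    ("accept", ANY, APP + "/32", 1234),
    ("accept", APP + "/32", ANY, 1234),      # the plug is bi-directional
    ("accept", ANY, MAIL + "/32", 25),
    ("drop", ANY, ANY, None),
]
RESTRICTED = [
    ("accept", PARTNER, APP + "/32", 1234),  # known hosts only, one direction
    ("accept", ANY, MAIL + "/32", 25),
    ("drop", ANY, ANY, None),
]

def decide(rules, src, dst, port):
    """Return the action of the first rule matching a new TCP connection."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules:
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action
    return "drop"  # implicit deny when nothing matches

# Constructed test connections: (initiator, target, destination port).
PROBES = {
    "stranger -> app": ("203.0.113.77", APP, 1234),
    "partner -> app": ("198.51.100.5", APP, 1234),
    "app -> stranger": (APP, "203.0.113.77", 1234),
    "stranger -> smtp": ("203.0.113.77", MAIL, 25),
}

def audit(rules):
    """Map each probe name to the decision the rule base gives it."""
    return {name: decide(rules, *probe) for name, probe in PROBES.items()}

if __name__ == "__main__":
    for label, rules in (("wide open", WIDE_OPEN), ("restricted", RESTRICTED)):
        print(label, audit(rules))
```

Running the same probes against a rule base before and after a change shows which connections the new port actually exposes.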
