Hello again,
After asking the question below I got some great answers but now I'm more
worried about the current state of our firewall.
Anyone with knowledge on Watchguard might be able to explain these issues
to me better, but any advice would be great:
We have opened up some of the standard services (such as ping, Notes, pop3,
smtp and http) like most people do.
Taking PING as an example, we have configured Watchguard:
Incoming tab, From: field as ANY (from any external host)
Incoming tab, To: field as ANY (to any host on Trusted/Optional interfaces?)
Outgoing tab, From: field as ANY (from any trusted/internal host)
Outgoing tab, To: field as ANY (to any external host)
Am I understanding this correctly? Can any external host now ping our
internal servers? My brain makes me think that the answer is no, unless a
server inside the DMZ is compromised and from there, the ping is sent, am I
right?
Secondly, most e-commerce businesses MUST open up ports from their DMZ to
their INTERNAL servers for reasons such as database transactions, say, so
how do these people protect themselves from attack?
Please advise
Regards
Simon
----- Forwarded by Simon Griffin/Corporate IT/Maritz_UK on 08/06/2000 13:38 -----
Simon Griffin
07/06/2000 14:50
To: [EMAIL PROTECTED]
cc:
Subject: Opening up ports 139, 1494, 1604 - Am I safe?
Hello,
I was hoping to get some quality answers from all you professionals out
there about some ports I have been asked to open up on our firewall.
We have a Watchguard Firebox II firewall connected to the Internet
(External), the corporate LAN (Trusted) and our DMZ (Optional) which is
locked down tight except for only the essential ports to allow the servers
to do their job.
The ports I have been asked to open are:
1494 - ICA
1604 - ICABrowser
139 - Netbios Session Service
This is to allow a Citrix server in our DMZ to communicate back through to
our corporate LAN (Trusted) to another Citrix server.
Can you tell me if I'm about to open up a can of worms, or am I ok to open
up these 3 ports?
What is ICA and ICABrowser anyway? I assume it's a Citrix related service?
Please advise
Regards
Simon