Hi,

The problem as I see it is that you're not just opening up 'SysLog'
[or whatever] port, it's opening up a clear-through tunnel from
an ExtraNet host through to a host on the Internal Networks.
This means that should someone compromise an ExtraNet host they
then have clear-through access to the internal server, assuming they're
resourceful or clever enough to figure out what those Firewall
openings are. Once they have realised that, they have direct
access to that internal service-port, which they can then start
working on to look for vulnerabilities. In some cases with
proprietary applications that have not had much exposure to the
Internet yet, it could be Open Day.

What I want to do here is set up a second ExtraNet - a Secure
Server Net which will host the servers providing services for
the frontline ExtraNet servers, whether these are for things like
SysLog or RADIUS or the backends/Databases for the middleware/web
servers on the Public access ExtraNet.

Does anyone have any comments on this approach?

Cheers, tony

--- In [EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
> Could someone please comment on the risks associated with allowing an
> external Cisco router to syslog messages to an internal CiscoWorks 2000
> server through the Firewall? Bad idea?
>
>
> ===========================================
> John Monahan
> Network Administrator
> Liberty Diversified Industries
> (763) 536-6677
> ===========================================
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]