syslog with Kerberos. Yeah, yeah, flame me, but is it quick and works..
:) Just ask Genuity (Site Patrol)
At 07:20 PM 8/14/00 +0000, [EMAIL PROTECTED] wrote:
>Hi,
>
>The problem as I see it is that you're not just opening up 'SysLog'
>[or whatever] port, it' opening up a clear through tunnel from
>an ExtraNet host through to a host on the Internal Networks.
>This means that should someone compromise an ExtraNet host they
>then have clear-through access to the internal server assuming theyre
>resourceful or clever enough to figure out what those Firewall
>openings are. Once they have that realised they have direct
>access to that internal service-port which they can then start
>working on to look for vulnerabilities. In some cases with
>proprietary applications that have not had much exposure to the
>Internet yet, it could be Open Day.
>
>
>What I want to do here is set up a second ExtraNet, - a Secure
>Server Net which will host the servers providing services for
>the frontline ExtraNet servers, whether these are for things like
>SysLog or RADIUS or the backends/Databases for the middleware/web
>servers on the Public access ExtraNet.
>
>
>Does anyone have any comments on this approach ?
>
>
>Cheers, tony
>
>
>
>
>
>--- In [EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
> > Could someone please comment on the risks associated with allowing
>an
> > external Cisco router to syslog messages to an internal CiscoWorks
>2000
> > server through the Firewall? Bad idea?
> >
> >
> > ===========================================
> > John Monahan
> > Network Administrator
> > Liberty Diversified Industries
> > (763) 536-6677
> > ===========================================
> >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
