Filip, There are pros and cons here. Pros: o Centralized defense o Probably SMTP server with FW-1 are better designed for security point of view as compared to other general SMTP servers. (My perception) Cons: o I don't like it personally with the same reasons you have mentioned. o Possibility of DOS and exploits. Firewall is critical for your site so why take chance. o Put extra burden on Firewall for processing. o Generally I don't want to allow any direct traffic from outside to firewall of any type if possible.
Rajeev On Wednesday 03 October 2001 16:43, Filip Sneppe wrote: > Hi, > > Are there any specific benefits in running the FW-1 SMTP security server in > combination with a CVP-enabled > mail scanning server ? > > Any known issues/bugs with this combo ? At first sight, I don't like it all > that much; IMHO it gives an attacker the possibility to DoS your server via > SMTP, and it gives him at least open port to fingerprint your OS with (nmap > detects FW-1 on NT). > > Just trying to convince someone that a firewall should only firewall and he > should use a mail scanning server that is not linked to the FW-1 with any > sort of protocol. But if I am actually the one who needs convincing, I'd be > happy to hear about it. > > TIA, > Filip > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls -- ******************************************************************** Rajeev Kumar ([EMAIL PROTECTED]) http://www.rajeevnet.com ******************************************************************** -- PGP PUBLIC KEY -- http://www.rajeevnet.com/crypto/mypubkey ******************************************************************** What's New on rajeevnet.com: o Unix/Windows password Sync: http://www.rajeevnet.com/linux/passwd_sync/passwd_sync.html o Wonders of 'dd' and 'netcat' :: Cloning Operating Systems http://www.rajeevnet.com/tips_hints/os_clone/os_cloning.html ******************************************************************** _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
