In message <[EMAIL PROTECTED]>, David Lang writes: >On Mon, 15 Apr 2002, Saso Virag wrote:
[snip] >> That's true, but people really _should_ know better than running Xserver >> and *gasp* CDE X manager on the firewall box. Operative word being >> *should*. :-) >> > >unfortunantly the alturnative seems to be to put a microsoft windows box >out on the network to be a management station, at least with X on the >firewall the firewall attempts to prevent access from the world, if you >use a microsoft box usually it's not hardened (you may be able to turn it >off when not needed, unless it also deals with your logs) The alternative is not as bad as it seems, really. Just hang the management station off the separate NIC on the firewall and deny all the traffic originating from elsewhere onto that segment of the network. Have a firewall admin workstation and a management console on that network segment. The workstation can run Windows and is turned off when it's not needed and the management console runs Solaris and happily receives logs from the firewall. I'd also put a packet filter of a sort onto the management console. Cheers, Saso _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
