Yep.. The firewall should do ONE thing... be a firewall. We run fw-1 on
Unix for stability and security, and we don't allow anyone to connect to
that box in any way shape or form. It runs no services, it doesn't even
run xntpd, so it can't get bogus time info from a hacked time server.

Even if your budget is pressed, it is critical to not allow your firewall
to do anything but be a firewall. 

On Sun, 28 May 2000 [EMAIL PROTECTED] wrote:

> 
> 
> I would recommend NOT adding it to the domain.
> I don't like the NT SAM database for my "secure" network to be on the
> firewall in any way, shape, or form.  The firewall should definitely not be
> a domain controller in your secure domain.
> You also have to consider internal hacking.  I don't allow access from
> anyone in the domain to the firewall.
> Shut all the doors possible....
> 
> Todd S. Everett, CCSE, CNE, MCSE
> Senior Network Consultant
> Infoware, Inc.
> 847-825-5500 x108
> 
> From:    "Newman, Steven" <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]kpoint.com
> Date:    05/27/2000 01:53 PM
> To:      [EMAIL PROTECTED]
> cc:
> Subject: [FW1] Security layout question
> 
> When using FW-1 on a dedicated firewall PC, is it alright for that machine
> to be a member of the domain that it is protecting? Or is that a no no?
> 
> Thanks,
> 
> 
> Steven Newman
> MCP, MCSE, CCSA, CCSE
> 
> "If a nation expects to be ignorant and free, in a state of civilization,
> it expects what never was and never will be." ---Thomas Jefferson, 1816
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 



Erik Parker
[EMAIL PROTECTED]


