The rather liberal use of "From Any IP to Any IP" in this filter
set would make me more than a little nervous.

The filters should be narrowed down to only allow connections to
the IP Addresses (or aliases) that you intend for the services.

That's about as specific as I can get without also seeing the
tunnels, and possibly a list of servers on your network, what
services they provide, and to whom they provide them.

Mike Burden
Lynk Systems
(616)532-4985
[EMAIL PROTECTED]


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Dieter Lubbe
> Sent: Tuesday, July 11, 2000 7:36 AM
> To: [EMAIL PROTECTED]
> Subject: Secure Filters
> 
> 
> Hi All,
> 
> I inherited a firewall at my new job and the previous guy had it set up as
> follows,
> 
> How secure are these filters?
> Does anyone have an idea on how to improve on them?
> 
> Cheers
> Dieter
> 
> FILTERS
>   OUTBOUND
>      1 #Full Access
>        Accept "PROTECTED" ALL
>           from "ANY_IP"
>             to "ANY_IP"
> 
>   REMOTE ACCESS
>      1 #Allow web
>        Accept ANY TCP
>           from "ANY_IP"
>             to "ANY_IP" 25 80 110 443 8888 77 1521
> 
>      2 #DNS
>        Accept ANY UDP
>           from "ANY_IP"
>             to "ANY_IP" 53
> 
>      3 #Allow ping and traceroute
>        Accept ANY ICMP
>           from "ANY_IP"
>             to "ANY_IP"
> 
>      4 #Allow protected network access to WWW remote admin server.
>        Accept "PROTECTED" TCP
>           from 10.1.1.214/255.255.255.0
>             to 10.1.1.1/255.255.255.255 8888
> 
>      5 #Allow protected network access to RMC remote admin server.
>        Accept "PROTECTED" TCP
>           from 10.1.1.214/255.255.255.0
>             to 10.1.1.1/255.255.255.255 77
> 

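One way to list the rules the reply is concerned about, as an added example that is not part of either message: a small Python parser for the filter listing as posted, flagging every rule whose source or destination is "ANY_IP". The grammar is inferred from this one listing, and `parse_filters` and `audit` are names made up for the example.

```python
import re
# Abridged copy of the quoted listing (OUTBOUND 1, REMOTE ACCESS 1 and 4).
LISTING = '''\
FILTERS
  OUTBOUND
     1 #Full Access
       Accept "PROTECTED" ALL
          from "ANY_IP"
            to "ANY_IP"
  REMOTE ACCESS
     1 #Allow web
       Accept ANY TCP
          from "ANY_IP"
            to "ANY_IP" 25 80 110 443 8888 77 1521
     4 #Allow protected network access to WWW remote admin server.
       Accept "PROTECTED" TCP
          from 10.1.1.214/255.255.255.0
            to 10.1.1.1/255.255.255.255 8888
'''

def parse_filters(text):
    """Parse a listing into rule dicts (assumed grammar; only Accept rules appear in the post)."""
    rules, section, rule = [], None, None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()  # also accepts mail-quoted lines
        if m := re.match(r"(\d+)\s+#(.*)", line):
            rule = {"section": section, "num": int(m[1]), "desc": m[2].strip()}
            rules.append(rule)
        elif m := re.match(r"Accept\s+(\S+)\s+(\S+)$", line):
            rule.update(iface=m[1].strip('"'), proto=m[2])
        elif m := re.match(r"(from|to)\s+(\S+)\s*(.*)", line):
            rule[m[1]] = m[2].strip('"')
            rule.setdefault("ports", []).extend(int(p) for p in m[3].split())
        elif line:
            section = line  # section header such as OUTBOUND or REMOTE ACCESS
    return rules

def audit(rules):
    """Return (section, num, finding) for each rule with an ANY_IP endpoint."""
    findings = []
    for r in rules:
        wide = [k for k in ("from", "to") if r.get(k) == "ANY_IP"]
        if wide:
            label = "any-to-any" if len(wide) == 2 else f"{wide[0]} is ANY_IP"
            findings.append((r["section"], r["num"], label))
    return findings

if __name__ == "__main__":
    print(*audit(parse_filters(LISTING)), sep="\n")
```

Rules that come back flagged are the ones to rewrite with the specific server addresses or aliases the services are meant for.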