Leonard,
It is trivial to "hide" the IP address of the firewall by using a
different IP address to NAT all of your internal machines behind. If the
firewall then responds to no network traffic directed directly at it, it
is effectively "hidden".
IMHO,
Eric Schroeder
Satel Corporation
<[EMAIL PROTECTED]>
11/14/2002 11:53 PM
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
cc: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: RE: Company Firewall's IP Address
Hi,
As in my previous email, there is no way you can 'hide' the firewall external
interface IP Address. It is generally an acceptable practice with a good
comfort level to have this in the real world. There are some things you can do:
1) Obscure the DNS name for firewall e.g. don't assign a DNS name like
'Dallas-FW-Ver3.x'
2) Use stealth connection - Drop every connection attempt to your
firewall; this is supposed to make your firewall stealth.
3) Carefully check your security policy to make sure there is no gap /
unintended holes.
4) Use AntiSpoofing.
etc.
Having said that, it is the social engineering, which exploits regular computer
users' panic, that really matters in the advertisement.
Regards,
Leonard Ong, CISSP, CSS-1, CCSE, MCSE,
MCDBA, CCNP, CCDP, NSA, LCP
Network Security Specialist, APAC
NOKIA
Email. [EMAIL PROTECTED]
Mobile. +65 9431 6184
Phone. +65 6723 1724
Fax. +65 6723 1596
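
The measures discussed in this thread (NAT behind an address other than the firewall's own, a stealth rule, and anti-spoofing), sketched as an nftables ruleset. This is an added example, not configuration from either poster, and nftables is chosen only for illustration. The interface names, the admin host and all addresses are constructed placeholders, and it assumes upstream routing delivers the NAT address to the firewall.

```nftables
# Constructed placeholders (assumptions, not from the thread):
#   wan0 = external interface, lan0 = internal interface
#   10.0.0.0/8  = internal network, 10.0.0.5 = admin workstation
#   192.0.2.10  = address used only for hide NAT; it is not the
#                 firewall's own external interface address

table inet fw {
    chain antispoof {
        # Runs before connection tracking, so spoofed packets never
        # create state. Internal sources may only arrive on lan0,
        # and nothing else may arrive on lan0.
        type filter hook prerouting priority raw; policy accept;
        iifname "wan0" ip saddr 10.0.0.0/8 drop
        iifname "lan0" ip saddr != 10.0.0.0/8 drop
    }

    chain input {
        # Stealth rule: anything addressed to the firewall itself that
        # is not matched below is dropped silently by the chain policy
        # (no TCP RST, no ICMP unreachable).
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        # Management only from the internal admin workstation.
        iifname "lan0" ip saddr 10.0.0.5 tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Internal hosts may open connections outward; nothing inbound.
        iifname "lan0" oifname "wan0" accept
    }
}

table ip nat {
    chain postrouting {
        # Hide NAT: internal hosts appear as 192.0.2.10 rather than
        # as the firewall's own external address.
        type nat hook postrouting priority srcnat; policy accept;
        oifname "wan0" ip saddr 10.0.0.0/8 snat to 192.0.2.10
    }
}
```

The ruleset can be syntax-checked without loading it using `nft -c -f <file>`.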