[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Firewall setup

To: Rob Serfozo <rserfozo@kscfcu.org>, Firewalls LIST <firewalls@Lists.GNAC.NET>
Subject: RE: Firewall setup
From: Robert Stanley <rstanley@iprg.nokia.com>
Date: Thu, 13 Jul 2000 10:23:45 -0700

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

If anyone compromises your web server they will now have access to your
entire internal network. DMZ's are necessary to segment and control access.
If you place the server in the DMZ and it is compromised it only threatens
nodes inside the DMZ assuming your internal network doesn't trust DMZ nodes.

> -----Original Message-----
> From: firewalls-owner@Lists.GNAC.NET
> [mailto:firewalls-owner@Lists.GNAC.NET]On Behalf Of Rob Serfozo
> Sent: Thursday, July 13, 2000 6:21 AM
> To: Firewalls LIST
> Subject: Firewall setup
>
>
> We have a pix 515 and one webserver that will be available to the public.
> We have tried the dmz route and seem to be having problems
> communicating to
> the inside server, so we are considering this.
>
> We want to put the webserver on our inside network and allow connections
> through a static and conduit statement.  This will resolve our
> problems with
> communication to the inside non public server.
>
> What do you all think.
>
> Rob
>
> -
> [To unsubscribe, send mail to majordomo@lists.gnac.net with
> "unsubscribe firewalls" in the body of the message.]
>

-
[To unsubscribe, send mail to majordomo@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]

Prev by Date: Re: Citrx Metaframe/NT4-TSE
Next by Date: Re: static nat
Prev by thread: RE: Firewall setup
Next by thread: Altavista Firewall 98 and ICMP
Index(es):
- Date
- Thread