CLARIFY RE: [FW1] Allow any service from internal net to outside
Hello,
I posted a question yesterday (shown below) and have received many responses, but
I think I worded the question the wrong way (my mistake). So here it goes
again.
We have a network (call it network A), connected to the internet and
protected by a firewall and other security measures. Now the company wants to
create a separate network within network A for a certain department in the
company (call it network B). This network will have its own subnet and be
separated from network A by a firewall. Now the reason for this is because the
company does not want anyone from network A to gain access to network B. Simple:
just put a rule on the new firewall that drops anything whose source is network A
and destination is network B. Now as for network B's access to network A,
allowing anything through would not make either network less secure, since
network B was part of network A originally. Now network B needs access to
network A because network A contains the mail/web/dns servers and network B has
to go through network A to gain access to the internet. So would putting a
rule on the firewall allowing ANY service from network B to network A possibly
create a security risk in that someone in network A could gain access to network
B?
Now my question is: will having one rule allowing any service through be any
less secure than having a hundred rules allowing hundreds of services through?
I'm trying to save myself some time.
Thanks,
Joe
> -----Original Message-----
> From: jvieira@dmr.com [SMTP:jvieira@dmr.com]
> Sent: Thursday, November 11, 1999 8:40 AM
> To: fw-1-mailinglist@softwhisper.us.checkpoint.com
> Subject: [FW1] Allow any service from internal net to outside
>
>
> Hello,
>
> I'm going to be setting up a firewall within an existing network to
> protect a network segment from the rest of the internal network. There is
> already a fw in place for connections to the internet; this fw is to
> protect one department in the company from the rest of the departments.
> Since I only need to block traffic going to this segment, are there any
> security risks in setting a rule that allows this internal network access
> to any with service any?
>
> Any thoughts would be appreciated.
>
> Joe
>
>