
Re: [cobalt-security] Using a separate machine for firewalling.
> Perhaps I didn't get what you're saying, but, if it's one machine that all
> of its purpose is to ALWAYS DISCARD traffic to non-desired ports, and
> ALWAYS FORWARD traffic to desired ports to the Cobalt (or any other server
> in the world) - what difference does it make if all that is just replaced
> with allow rules on the target Cobalt (or server) for the desired ports,
> and then a discard rule for all other packet matches?

Ease of configuration when protecting multiple servers (all traffic goes
through one place), egress filters (helps if the firewall isn't compromised but
the server is), layered security (if one installs IP filters both on the target
machine and on the firewall), logging/IDS.

If you've only got one server, it makes a bit less sense to have a separate
firewall...

Kevin
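As an added illustration (not code from the thread or from Cobalt), here is a small Python model of the two designs Kevin contrasts: allow rules on the server alone versus a separate firewall with an ingress allow-list, an egress filter and central logging. The addresses, ports and the `Packet` type are placeholders I constructed; the point it shows is that once the server itself is compromised, only the separate box still blocks outbound connections and unwanted inbound ports.

```python
"""Toy packet-filter model of host-only rules vs. a separate firewall box.

Constructed example: addresses and ports are placeholders, not values from
the mailing-list post.
"""
from dataclasses import dataclass

COBALT = "10.0.0.10"          # placeholder address of the protected server
SERVED_PORTS = {22, 80}       # the "desired ports" forwarded to the Cobalt
EGRESS_ALLOWED = {25, 53}     # ports the server may legitimately connect out to


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    new_conn: bool = True     # True for a connection-opening packet (e.g. SYN)


def host_filter(pkt, log):
    """Rules on the Cobalt itself: allow desired ports, discard everything else."""
    if pkt.dst == COBALT and pkt.dport in SERVED_PORTS:
        return "ACCEPT"
    if pkt.src == COBALT:
        return "ACCEPT"       # a plain host filter lets its own traffic out
    log.append(f"host DROP {pkt.src}->{pkt.dst}:{pkt.dport}")
    return "DROP"


def firewall(pkt, log):
    """Rules on the separate box: ingress allow-list plus an egress filter."""
    if pkt.dst == COBALT:
        if pkt.dport in SERVED_PORTS:
            return "FORWARD"
        log.append(f"fw DROP {pkt.src}->{pkt.dst}:{pkt.dport}")
        return "DROP"
    if pkt.src == COBALT and pkt.new_conn and pkt.dport not in EGRESS_ALLOWED:
        log.append(f"fw egress DROP {pkt.src}->{pkt.dst}:{pkt.dport}")
        return "DROP"
    return "FORWARD"


def outcome(pkt, separate_firewall, host_compromised):
    """Final verdict and log for one packet under a given design and state.

    host_compromised models an attacker who has removed the server's own rules;
    the separate firewall's rules are unaffected by that.
    """
    log = []
    if separate_firewall and firewall(pkt, log) == "DROP":
        return "DROP", log
    if host_compromised:
        return "ACCEPT", log  # no host rules left to enforce
    return host_filter(pkt, log), log
```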