[Courses] [Security] Firewall theory -- general (fwd)
Raven, corporate courtesan
raven at oneeyedcrow.net
Tue Mar 12 14:47:51 EST 2002
Heya --
Forwarded with permission from James, who couldn't access his
subscribed account at the time:
----- Forwarded message from James Sutherland <jas88 at cam.ac.uk> -----
> Okay. So I pay your cover fee. [grin] Now, what sorts of
> traffic do you think it would be a good idea to let pass, and what sorts
> of traffic would you want to block. Decide that, and there's half the
> work of creating the firewall done.
>
> Any guesses? No such thing as a stupid guess...
One caveat a friend found recently (off-list, since I can't post from my
subscribed address from here [insert rant about restrictive Exim
setup...]): Norton Internet Security has the "clever" idea of blocking UDP
packets. Such as DNS lookups and responses. It does insert a special case
for your DNS server - so everything is fine until your DNS server changes
(as happens quite often with the bigger dialup ISPs here: you're assigned
two or three servers randomly from a larger pool). At which point, nothing
Internet-related works (no DNS service working), and you have a major
debugging headache...
James.
----- End forwarded message -----
Good point. You want to make sure that you allow the traffic
that your server is going to need. So it has to be able to do DNS
lookups, for example. What else might it be helpful for the server to
be able to use, besides the services it's offering?
Cheers,
Raven
"Sed, sed, awk. Like duck, duck, goose. Sync, sync, halt. It's the
order of nature."
-- me, after too long a day at work
More information about the Courses
mailing list