[FW1] Re:
To give or not to give. That is the age-old question. (Sure hope Shakespeare doesn't mind the interpretation.)

And generally it is a question that should be answered based on your company's policy and business needs. The more you open, the more risk you have. If you must open this, then think about passing through a proxy system.

Who/What is at the other end? What business need is driving this and can it be handled differently? Is this communication between a single or small set of known systems? Are you always originating the connection? Are there any special authentication needs? There may be more questions.

The more information you can get about this connection and its processes, the better you can do to reduce the amount of risk by opening up additional ports.

Robert

- -
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n   F o o d   S e r v i c e
Voice:
email: [email protected]

>>> Zodir Mage <[email protected]> 11/17/00 8:30:19 PM >>>
>Hello, I'm quite new with the security topic and I'm in
>charge of FW for my society.
>
>My question is quite simple or too complicated ???
>let's see your answers :-)
>
>A lot of users are asking me to open new exotic ports
>because of professional needs. These ports are https 8001
>and https 8002 and seem to be real https, because I've
>analyzed the frames.
>
>Some answers (like in FW training) given by teachers are :
>No, we do not open that port and we explain that to the
>employees because of potential security breach...
>
>Some others say ok if you're sure about the connection
>and about the frames it is ok, open those ports because it
>is for professional use...
>
>So at this point I would like to know what is the
>appropriate answer for those particular ports mentioned,
>shall we or shall we not open them ?
>What is made generally, what is the choice from the Old Wise
>security guy ?
>Must I stay on my position by saying NO, NOT, NEVER...
>or must I be more flexible ?
>
>Thanks in advance for everyone giving me support
>Didier POZZI