[FW1] Do these solutions pose unacceptable security risk?

There are a number of Unix-based and NT-based application servers on the internal network. They are so special that the vendor needs to access these servers from the Internet to troubleshoot and support, when needed. The following are proposed "solutions"; your comments/suggestions are appreciated.

1) SSH for Unix-based servers
2) VNC for NT-based servers
3) VPN for both Unix and NT servers.

In these cases, we need to drill a number of holes in the firewall to allow port 22, 5900 and/or 50 to pass through. We want the "vendor" to be authenticated by Check Point Firewall-1 before allowing them to come in and then access ONLY those servers. The rule would be

    src          dst                    service   action
    vendor ip    encryption-domain-x    50        client-auth
                 consists of ip of
                 unix-nt servers

Would such a "design" pose any security risk to us? Any comments/suggestions are appreciated.

Dave