
RE: [FW1] Security enhancement




"access-list 140 permit ip your.network.range any" should allow all of your
hosts to initiate external connections if placed before the implicit deny
statement.  You may wish to prune this, depending on your security policy.

Chris

-----Original Message-----
From: IT.Albert
To: '[email protected]'
Sent: 3/13/01 10:46 PM
Subject: [FW1] Security enhancement


Hello all,

I currently have FW-1 running on my client's network. The DMZ area has
an SMTP server, a web server and an FTP server.

I am looking for some security enhancement in their network.

First, I am thinking about implementing RealSecure from Checkpoint as an
intrusion detection system. Does anyone have experience with RealSecure?
Is it a good idea to implement RealSecure? Is RealSecure really helpful?
Is there anywhere I can find more information?

I am also thinking about setting up some access-lists on the Cisco router
before the firewall. Does anyone have any suggestions about what kind of
stuff I am supposed to put into the access-list? Is there anywhere I can
find more information? I really want to do it the right way.

I also tried to put the following access-list into my Cisco router:

access-list 140 permit tcp any host any eq www
access-list 140 permit tcp any host any eq ftp
access-list 140 permit tcp any host any eq smtp
access-list 140 permit tcp any host any eq pop3
access-list 140 permit tcp any host any eq 143
access-list 140 deny   ip any any

After I configured my Cisco router like that, I could still reach my web
site and FTP server from outside. But I found I cannot send and receive
any email. Why? But I can telnet into port 25 and port 110 from outside.
Strange?



Any other suggestions for security enhancement?

Thank you for all your help.

 

Albert Chong

IT Consultant
-------------------


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
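
The following is an added example, not part of either message in the thread: a first-match evaluator that runs the posted list 140, and the same list with the reply's permit placed before the deny, over a few constructed packets to show which entry each one hits. Assumptions: the elided "host any" destination is modelled as any destination, 192.0.2.0/24 stands in for "your.network.range", and nothing is assumed about the interface or direction the list is applied to, since the thread does not say.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str               # "permit" or "deny"
    proto: str                # "tcp", "udp" or "ip" (ip matches any protocol)
    src: str                  # source network in CIDR form
    dst_port: Optional[int]   # None means any destination port

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str                  # kept for display; every entry's destination is "any"
    dst_port: int

ANY = "0.0.0.0/0"
INSIDE = "192.0.2.0/24"       # constructed stand-in for "your.network.range"

# List 140 as posted; the elided "host any" destination is modelled as any.
POSTED = [Rule("permit", "tcp", ANY, p) for p in (80, 21, 25, 110, 143)]
POSTED.append(Rule("deny", "ip", ANY, None))

# Same list with the reply's permit placed before the deny.
WITH_REPLY = POSTED[:-1] + [Rule("permit", "ip", INSIDE, None), POSTED[-1]]

def evaluate(acl, pkt):
    """Return (action, index) of the first matching entry, scanning top-down."""
    for i, r in enumerate(acl):
        if r.proto not in ("ip", pkt.proto):
            continue
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(r.src):
            continue
        if r.dst_port is not None and r.dst_port != pkt.dst_port:
            continue
        return r.action, i
    return "deny", None       # implicit deny at the end of every list

# Constructed packets (documentation address ranges).
INBOUND_SMTP = Packet("tcp", "198.51.100.7", "192.0.2.25", 25)    # outside client to port 25
INSIDE_DNS = Packet("udp", "192.0.2.25", "203.0.113.53", 53)      # inside host, unlisted port
SMTP_REPLY = Packet("tcp", "203.0.113.10", "192.0.2.25", 40123)   # reply sent from remote port 25

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("with reply", WITH_REPLY)):
        for pkt in (INBOUND_SMTP, INSIDE_DNS, SMTP_REPLY):
            print(f"{name:10} {pkt} -> {evaluate(acl, pkt)}")
```

Only packets sourced from the inside range change outcome when the extra permit is present; a packet whose destination port is not one of the five listed and whose source is outside that range still falls through to the deny.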