[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] DNS TCP
Don -- Why not a DMZ or Service Network? Elisabeth Don <[email protected]> Sent by: Mailing list for To: [email protected] discussion of Firewall-1 cc: <[email protected] Subject: Re: [FW-1] DNS TCP kpoint.com> 05/09/2002 01:10 PM Please respond to Mailing list for discussion of Firewall-1 DNS is, and always has been, a very insecure protocol. Given this, and the fact that DNS queries involve a lot of firewall overhead for very small amounts of data, you are probably better off just putting them in front of your firewall and just watching them. If all you run on them is DNS anyway, it will not matter if they are in front of or behind the firewall. They can be compromised either way. If they are behind the firewall, however, such a compromise gives an attacker a bridgehead into your network which would definitely not be a good idea. -Don NOTE: This electronic message and attachment(s), if any, contains information which is intended solely for the designated recipient(s). Unauthorized disclosure, copying, distribution, or other use of the contents of this message or attachment(s), in whole or in part, is prohibited without the express authorization of the author of this message. ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|