[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Http security server, to use or not to use, that is my question!
Stéphane, Adding an http resource will increase the security for all requests that match that rule for http. When adding the security server, you may use a third party OPSEC to validate all http request and customize all requests such as http get, put post and so on. Please note that when activating the resource, your machine will take a hit since more processing is taking place. Since the source is coming from the outside towards your server, you may use a Static Nat without the use of the http security server with a well hardened web server. Note that most attacks are now at the application layer so be aware! *Note that SmartDefense doesn't use the http security server but inspects packets in the kernel through TCP streaming when it's http packets if your looking for protection. HTH Simon. ---------- Simon Desmeules CCSA/CCSE/CCSE Plus/ CCSI Instructor NG CCSA/CCSE ver 4.0 ISS RealSecure Specialist / TripWire Specialist http://www.digidyne.ca mailto :[email protected] ---------- Contact me for you Check Point Training View my co-authoring project at Syngress http://www.digidyne.ca/training/ http://www.syngress.com/catalog/sg_main.cfm?pid=1922 ---------- ----- Original Message ----- From: "Blais, Stéphane" <[email protected]> To: <[email protected]> Sent: Tuesday, November 04, 2003 11:34 AM Subject: [FW-1] Http security server, to use or not to use, that is my question! Situation: -I am setting up rules to give access to my web server on a DMZ. -I am not using CVP or UFP servers Question: -Should I still use a "http security server" or just satic NAT the webserver to a valid IP? I thought that the "http security server" also acted as a proxy wich would increase the security level. Thanks Stéphane ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|