Re: Cfservd access through firewall - dangerous ?
From: Mark . Burgess
Subject: Re: Cfservd access through firewall - dangerous ?
Date: Mon, 29 Apr 2002 12:28:01 +0200 (MET DST)

IP spoofing is now irrelevant, since one needs to have a valid (and trusted)
RSA key in order to connect. It thus boils down to a pure
trust issue (as all security problems eventually do).
Mark
On 29 Apr, Richard Arends wrote:
> On 29 Apr 2002, Adrian Phillips wrote:
>
>> Thanks. Actually this part is relatively easy to do. We can forward a
>> port on the firewall to an internal machine without any problems, it's
>> the question of how secure it can be in terms of what cfservd allows
>> and disallows that concerns me most.
>
> This works, but is it safe??? It still can be possible to spoof one of the
> IPs. Therefore I would lock it down with IPSEC, or (and?) hardcode the
> MAC addresses in the ARP table, or even if your firewall supports it
> (iptables), put it in there...
>
> Greetings,
>
> Richard.
>
> ----
> An OS is like swiss cheese, the bigger it is, the more holes you get!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~