Send firewall-wizards mailing list submissions to
firewall-wizards@honor.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@honor.icsalabs.com
You can reach the person managing the list at
firewall-wizards-admin@honor.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. Re: Host based vs network firewall in datacenter (Kevin)
2. RE: Host based vs network firewall in datacenter (Johann van Duyn)
--__--__--
Message: 1
Date: Wed, 15 Jun 2005 21:21:24 -0500
From: Kevin <kkadow@gmail.com>
Reply-To: Kevin <kkadow@gmail.com>
To: firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] Host based vs network firewall in datacenter
Cc: "Zurek, Patrick" <pzurek@uillinois.edu>
On 6/10/05, Rik Schneider <riks@wni.com> wrote:
> From: Zurek, Patrick - Tuesday, June 07, 2005 12:34 PM
> To: firewall-wizards@honor.icsalabs.com
> > 2) As a short term measure I have applied ipfilter on several of our no=
n-
> > production hosts. My manager has began to advocate putting it on all
> > production systems now (about 15 hosts). =20
Assuming you've completed thorough testing on non-production hosts, you
should feel comfortable in applying ipfilter policies to your
production systems.
> > Is ipf on a production Sun 15k a good idea?
>=20
> IPF works well but depending on your support requirements you may need
> to look at a commercial solution. If you are using Solaris 8 or 9 and
> are under sun support you may want to look at Sunscreen Lite but I still
> prefer ipfilter.
So does Sun.... Solaris 10 includes a version of ipfilter:
http://www.sun.com/software/solaris/faqs/security.xml#q2
Kevin Kadow
--__--__--
Message: 2
Subject: RE: [fw-wiz] Host based vs network firewall in datacenter
Date: Mon, 13 Jun 2005 18:19:17 +0100
From: "Johann van Duyn" <johann@vanduyn.co.uk>
To: "Zurek, Patrick" <pzurek@uillinois.edu>,
<firewall-wizards@honor.icsalabs.com>
SGksIFBhdHJpY2suLi4NCg0KTUpSIHNob3VsZCBjaGlwIGluLCBzaW5jZSBoaXMgcG9zdHMgc2Vl
bSB0byBoYXZlIGNhdXNlZCB5b3Ugc29tZSBtZW50YWwgYW5ndWlzaC4gKERvbid0IGZlZWwgYWxv
bmUuLi4pDQoNCk9wdGlvbiAxIGlzIG5vdCB0byBiZSByZWNvbW1lbmRlZCwgYWx0aG91Z2ggeW91
IHByb2JhYmx5IGNvdWxkIGdldCBhd2F5IHdpdGggaXQgaWYgeW91ciBVbml4IGFkbWluIGlzIHJl
YWxseSBnb29kIEFORCBoZS9zaGUvaXQgaGFzIGEgZ29vZCB1bmRlcnN0dWR5LiBCdXQgaWYgYSBz
ZXJ2ZXIgZmFsbHMsIGV4cGVjdCB0byBoZWFyIGFsbCBzb3J0cyBvZiAiaW50ZXJlc3RpbmciIHF1
ZXN0aW9ucyByZWdhcmRpbmcgZHVlIGNhcmUsIG5lZ2xpZ2VuY2UsIGV0Yy4gZnJvbSBsYXd5ZXJz
LCBzZW5pb3IgbWFuYWdlbWVudCBhbmQgdGhlIGxpa2UuDQoNCk9wdGlvbiAyIGNvdWxkIHdvcmsg
T0ssIGJ1dCB5b3UnbGwgbmVlZCB0byBnbHVlIHRoZSBsb2dzIGZyb20gdmFyaW91cyBzZXJ2ZXJz
IHRvZ2V0aGVyIGlmIHlvdSB3YW50ZWQgdG8gZm9ybSBhIGdvb2QgcGljdHVyZSBvZiB3aGF0J3Mg
Y29taW5nIGF0IHlvdXIgbmV0d29yay4uLiBhbmQgY2hhbmdpbmcgc2V0dGluZ3MgZ2xvYmFsbHkg
d2lsbCBiZWNvbWUgYSBwYWluIGluIHRoZSBwb3N0ZXJpb3IuDQoNCk9wdGlvbiAzIHdvcmtzIGJl
c3QgZm9yIG1vc3QgcGVvcGxlLCBidXQgdGhlIGRvd25zaWRlIGhlcmUgaXMgdGhhdCBvbmUgc2xp
cC11cCBjb3VsZCBwb3RlbnRpYWxseSBsZWF2ZSB5b3VyIHdob2xlIG5ldHdvcmsgdnVsbmVyYWJs
ZS4gSXQgZG9lcywgaG93ZXZlciwgZ2l2ZSB5b3UgdGhlIG9wdGlvbiBvZiBkZWZpbmluZyBETVog
c3VibmV0cywgc29tZXRoaW5nIEkgd291bGQgcmVjb21tZW5kOiBwdXQgeW91ciBEQiBhbmQgQXBw
IHNlcnZlcnMgaW4gc2VwYXJhdGUgRE1aIGNvbXBhcnRtZW50cywgYW5kIG1hbmFnZSBob3cgdGhl
eSB0YWxrIHRvIG9uZSBhbm90aGVyLg0KDQpCZXN0IG9wdGlvbiB5ZXQgaXMgdG8gZG8gYWxsIHRo
cmVlLCBvciBhdCBsZWFzdCBvcHRpb25zIDEgYW5kIDMuIChCdXQgbGVhdmUgdGhlICJ3aWRlIG9w
ZW4iIHBhcnQgb3V0IGZyb20gb3B0aW9uIDEuKSBMb2NrIHRoZSBob3N0cyBkb3duIHJlYWxseSB0
aWdodGx5LCBhbmQgcHV0IGFuIGVxdWFsbHkgdGlnaHRseSBjb25maWd1cmVkIGFwcGxpY2F0aW9u
IHByb3h5IGZpcmV3YWxsIGluIGZyb250IG9mIHRoZW0uIA0KDQooTm90ZTogU3BlYyB0aGUgQVBG
IHdlbGwgd2hlbiBidXlpbmc7IHRoZXkgZG8gaW50cm9kdWNlIGxhZywgYW5kIGEgdW5pdCB0aGF0
IGNhbm5vdCBoYW5kbGUgeW91ciBiYW5kd2lkdGggZ3JhY2VmdWxseSB3aWxsIGdpdmUgeW91IGFu
ZCB0aGUgc2l0ZSdzIHVzZXJzIGEgcmF0aGVyIG5hc3R5IGV4cGVyaWVuY2UuIEFsc28sIHF1ZXN0
aW9uIHRoZSB2ZW5kb3Igb24gdGhlIHRlY2huaWNhbCBkZXRhaWxzIG9mIHRoZWlyIGZpcmV3YWxs
J3MgcHJveGllcywgc28gdGhhdCB5b3UgZ2V0IGEgdW5pdCB0aGF0IGFncmVlcyB3aXRoIHlvdXIg
dGFrZSBvbiB3aGF0IHNob3VsZCBhbmQgc2hvdWxkIG5vdCBiZSBjb21pbmcgYXQgeW91ciBzZXJ2
ZXJzLCBhbmQgdGhhdCBwcm94aWVzIGV4aXN0IGZvciBhcyBtYW55IG9mIHRoZSBwcm90b2NvbHMg
eW91IHVzZSBhcyBwb3NzaWJsZS4gQWxzbyBxdWl6IHRoZW0gb24gdGhlIHByb2NlZHVyZSBmb3Ig
d3JpdGluZyBjdXN0b20gcHJveGllcywgc2hvdWxkIHRoYXQgZXZlciBiZSByZXF1aXJlZC4uLiBi
dXQgcHJlcGFyZSB0byBwYXkgYmlnICQkJC/Co8KjwqMv4oKs4oKs4oKsIGZvciB0aGF0LikNCg0K
SSB3b3VsZCBhZGQgYW4gaW5zdGFuY2Ugb2YgU25vcnQgdG8gdGhlIG1peCBhcyB5b3UgYXJlIHBs
YW5uaW5nIHRvIGRvLCBhbmQgdGhlbiBjb25zaWRlciwgYWZ0ZXIgYSBmZXcgbW9udGhzIG9mIG1v
bml0b3JpbmcgU25vcnQgbG9ncywgd2hldGhlciBhbnkgb2YgdGhlIElQUyBhcHBsaWFuY2VzIG9u
IHRoZSBtYXJrZXQgd291bGQgYmUgb2YgbXVjaCB1c2UuIEJ1dCBkbyBrZWVwIGFuIGV5ZSBvdXQg
Zm9yIHRoZSBub25zZW5zZSB0aGF0IElQUyB2ZW5kb3JzIGFyZSBsaWtlbHkgdG8gdGhyb3cgeW91
ciB3YXkgaWYgeW91IGFzayB0aGVtLCBhbmQgcXVlc3Rpb24gdGhlIHJlbGV2YW5jZSwgYWNjdXJh
Y3kgYW5kIHRlY2huaWNhbCBkZXRhaWxzIG9mIGV2ZXJ5IHNwZWNpZmljYXRpb24gdGhleSB0aHJv
dyBhdCB5b3UuIElmIHlvdSdyZSBydW5uaW5nIGEgZGVjZW50IGFwcGxpY2F0aW9uIHByb3h5IGZp
cmV3YWxsIEFORCB5b3VyIGhvc3RzIGFyZSB3ZWxsIGNvbmZpZ3VyZWQgYW5kIHByb3Blcmx5IGxv
Y2tlZCBkb3duLCB5b3UgcHJvYmFibHkgZG9uJ3QgcmVhbGx5IG5lZWQgdGhlIElQUyB1bml0Lg0K
DQpJZiBhdCBhbGwgcG9zc2libGUsIGRpdm9yY2UgeW91ciBjdXN0b20gYXBwIGZyb20gdGhlIERC
IHNlcnZlci4uLiB0aGF0IGNvbmZpZ3VyYXRpb24gaXMganVzdCBwbGFpbiB1Z2x5LCBtYW4uIFlv
dSByZWFsbHkgZG9uJ3Qgd2FudCBhIHZ1bG5lcmFiaWxpdHkgaW4gb25lIHRvIGxlYWQgdG8gYSBj
b21wcm9taXNlIG9mIHRoZSBvdGhlci4gKElmIHlvdSBjYW4ndCwgeW91IGFyZSBnb2luZyB0byBo
YXZlIHRvIGd1YXJkIHRoYXQgc2VydmVyIHdpdGggc2V2ZXJlIGplYWxvdXN5IGZvciBhcyBsb25n
IGFzIGl0IGlzIGFsaXZlLikNCg0KSG9wZSB0aGlzIGhlbHBzIHNvbWUuLi4NCg0KX19fX19fX19f
X19fX19fX19fX19fX19fX19fX18NCkogbyBoIGEgbiBuICAgdiBhIG4gICBEIHUgeSBuIA0KDQp8
IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpbU05JUCEgLS0gSnZEXSANCnwgYWRtaW5AaG9u
b3IuaWNzYWxhYnMuY29tXSBPbiBCZWhhbGYgT2YgWnVyZWssIFBhdHJpY2sNCltTTklQISAtLSBK
dkRdIA0KfCANCnwgVGhlc2UgYXJlIHRoZSBvcHRpb25zIGFzIEkgc2VlIHRoZW06DQp8IDEpIFdp
ZGUgb3BlbiAtIGtlZXAgdGhlIGhvc3RzIGxvY2tlZCBkb3duIHRpZ2h0IGFuZCBrZWVwIG9wZW4g
c2VydmljZXMgdG8NCnwgYSBtaW5pbXVtLg0KfCAyKSBIb3N0IGJhc2VkIGZpcmV3YWxsIC0gcHV0
IGlwZiBvbiB0aGUgaG9zdHMNCnwgMykgTmV0d29yayBmaXJld2FsbCBiZWhpbmQgdGhlIHJvdXRl
ciAtID8/Pw0KfCANCnwgMSkgRG9lcyBub3Qgc2VlbSBmZWFzaWJsZSB0byBjb250aW51ZSB0byBv
cGVyYXRlIHRoaXMgd2F5Lg0KfCANCnwgMikgQXMgYSBzaG9ydCB0ZXJtIG1lYXN1cmUgSSBoYXZl
IGFwcGxpZWQgaXBmaWx0ZXIgb24gc2V2ZXJhbCBvZiBvdXIgbm9uDQp8IHByb2R1Y3Rpb24gaG9z
dHMuICBNeSBtYW5hZ2VyIGhhcyBiZWdhbiB0byBhZHZvY2F0ZSBwdXR0aW5nIGl0IG9uIGFsbA0K
fCBwcm9kdWN0aW9uIHN5c3RlbXMgbm93IChhYm91dCAxNSBob3N0cykuICBBdCBmaXJzdCBJIHRo
b3VnaHQgdGhpcyB3b3VsZCBiZQ0KfCBhIGJhZCBpZGVhLCBhcyBhIG5ldHdvcmsgZmlyZXdhbGwg
d291bGQgZWFzZSBhZG1pbmlzdHJhdGlvbiBhbmQgaGF2aW5nIHRvDQp8IGFkbWluaXN0ZXIgc2Vw
ZXJhdGUgcnVsZSBzZXRzIGZvciBlYWNoIHNlcnZlciB3b3VsZCBiZSB1bndpZWxkeS4gSG93ZXZl
ciwNCnwgYWZ0ZXIgcmVhZGluZyB0aGUgb3BpbmlvbnMgb2YgY2VydGFpbiBtZW1iZXJzIG9mIHRo
ZSBsaXN0LCBJJ20gYXQgYSBsb3NzDQp8IGFzIHRvIGhvdyB0byBwcm9jZWVkLiAgSSBkb24ndCB3
YW50IHRvIHB1cmNoYXNlIHNvbWV0aGluZyBsaWtlOg0KfCANCnwgIi0gU29tZSBvZiB0aGUgcHJv
ZHVjdHMgd2UncmUgYnV5aW5nIHNpbXBseSBkb24ndCB3b3JrDQp8IC0gU29tZSBvZiB0aGUgcHJv
ZHVjdHMgd2UncmUgYnV5aW5nIGFyZW4ndCBiZWluZyB1c2VkDQp8ICAgICAgICAgcHJvcGVybHkN
CnwgLSBUaGVyZSBpcyBubyBjb3JyZWxhdGlvbiBiZXR3ZWVuIGNvc3QgYW5kIGVmZmVjdGl2ZW5l
c3MNCnwgICAgICAgICBvZiBzZWN1cml0eSBwcm9kdWN0cyINCnwgDQp8IGFzIE1KUiBzYWlkIGxh
c3Qgd2Vlay4gIEknbSBpbnRlcmVzdGVkIGluIHVzaW5nIHRoZSByaWdodCB0b29sIGZvciB0aGUN
Cnwgam9iLiAgSXMgaXBmIG9uIGEgcHJvZHVjdGlvbiBTdW4gMTVrIGEgZ29vZCBpZGVhPw0KfCAN
CnwgMykgVGhpcyBvcHRpb24gaXMgZ29vZCBiZWNhdXNlIGl0IHdpbGwgYWxsb3cgdXMgdG8gYXBw
bHkgc3RhdGVsZXNzIEFDTHMgYXQNCnwgdGhlIGdhdGV3YXkgYW5kIGNlbnRyYWxpemUgdGhlIG1h
bmFnZW1lbnQgb2YgZmlyZXdhbGwgZnVuY3Rpb25zLg0KfCANCnwgQmVhcmluZyBpbiBtaW5kIHRo
YXQgSSdtIHN0aWxsIHJlbGF0aXZlbHkgbmV3IHRvIHRoaXMsIGFuZCB0aGF0IEknbSBoYXZpbmcN
CnwgdHJvdWJsZSBicmlkZ2luZyB0aGUgZ2FwIGJldHdlZW4gdGhlIHdheSBzZWN1cml0eSBzaG91
bGQgYmUgZG9uZSwgYW5kDQp8IGFjdHVhbGx5IGltcGxlbWVudGluZyBpdCwgSSdkIGFwcHJlY2lh
dGUgYW55IGFkdmljZSBhbmQgaGVscC4NCnwgDQpbU05JUCEgLS0gSnZEXSANCg==
--__--__--
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
End of firewall-wizards Digest
No comments:
Post a Comment