Great Circle Associates Firewalls
(July 1994)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Revise: One Way Traffic
From: "ron fitzherbert" <ron_fitzherbert @ ed . gov>
Date: Tue, 26 Jul 94 10:45:21 EST
To: Firewalls @ GreatCircle . COM
Encoding: 1588 Text

          Ok, so I asked for that -- don't ask the right question,
          don't get the answer you expect :)

          Let me put this another way....

          Lets say we have a PC-based network, servers and
          workstations.  You want to give the user community access to
          the Internet from their PC Workstations for things like,
          FTP, Telnet, Gopher, Mosaic, Finger, Ping (All of which will
          be windows apps).  People will not be running X, it will be
          against policy to run a host on the network (at least for a
          user to run a host, there will be servers of course).

          It would be -easy- to firewall *IF* all telnets were on port
          23 and all gophers were on port 70, but they are not :(

          I'm looking for the easist (and safest) way to give people
          access to "all" telnets and gophers without having to allow
          individual ports for each non-standard telnet/gopher out
          there.  The simple solution (security issues aside) would
          seem to be to allow outbound "well-known" ports (ones they
          should have access to) below 1023 as well as all ports above
          1024 while at the same time blocking all inbound ports below
          1023.  Of course the simplist solution is usually not the
          best. :)

          I'm trying to come up with ideas as to what is the "best"
          all around solution... provides security, provides users
          with what they want and is not an undue burden on staff.


Indexed By Date Previous: Re: CERN Mosaic Proxy
From: Bernhard Schneck <Bernhard . Schneck @ GeNUA . DE>
Next: Re: Questions about security of Frame Relay networks.
From: paul @ hawksbill . sprintmrn . com (Paul Ferguson)
Indexed By Thread Previous: Fwd: Re(2): prevalence of sniffing ?
From: BRETT_FROMME @ wellfleet . com (Brett Fromme,Wellfleet Cust. Service)
Next: Revise: One Way Traffic
From: "ron fitzherbert" <ron_fitzherbert @ ed . gov>

Search Internet Search