Hello all,
A quick question to get your opinion on this.
Has anyone ever installed a firewall on a host just to protect the host
itself ?
The context would be the following: in a LAN (not connected to the Internet,
just a big LAN with multiple segments), we want to give access to a host to
certain people coming from a certain part of the LAN so they can see what's
going on on that machine, but we don't want them to be able to go anywhere
from there (for example telnet on another host in the same area).
So the idea is, install a firewall, accept connections (telnet, ftp...) from
the authorized LAN, and then deny all outgoing attempts.
Does this make any sense ? Or is there any other intelligent way of doing
this ?
Bruno
--sBnFd5OPniAe0K0yEHJX2mWyvOH5P6pT
Content-type: text/plain; charset="us-ascii"
Attached Files:
--sBnFd5OPniAe0K0yEHJX2mWyvOH5P6pT
Content-type: application/octet-stream
Content-transfer-encoding: base64
<encoded_portion_removed>
--sBnFd5OPniAe0K0yEHJX2mWyvOH5P6pT--
--IMA.Boundary.203465178
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Description: cc:Mail note part
I think you'll be better off with installing a good host-based
security product like Memco's SeOS, Dynasoft's (now Security Dynamics)
BoKS, or even Axent. They can do the job for you plus other good
stuff that a firewall is not designed to do.
Avi
______________________________ Reply Separator _________________________________
Subject: Firewall to protect the host itself ?
Author: ICS MAMER Bruno <Bruno...@cedel.sprint.com> at UNIXGTWY
Date: 8/10/97 2:34 PM
Hello all,
A quick question to get your opinion on this.
Has anyone ever installed a firewall on a host just to protect the host
itself ?
The context would be the following: in a LAN (not connected to the Internet,
just a big LAN with multiple segments), we want to give access to a host to
certain people coming from a certain part of the LAN so they can see what's
going on on that machine, but we don't want them to be able to go anywhere
from there (for example telnet on another host in the same area).
So the idea is, install a firewall, accept connections (telnet, ftp...) from
the authorized LAN, and then deny all outgoing attempts.
Does this make any sense ? Or is there any other intelligent way of doing
this ?
Bruno
--IMA.Boundary.203465178
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Description: cc:Mail note part
Attached Files:
--IMA.Boundary.203465178--