Do you load balance traffic to your firewall(s)?  If so, what methodology
and more importantly, whose technology are you using?  For example, if you
were utilizing Foundry Networks ServerIronXLs and are employing a sandwich
architecture, you could not only switch based on the protocol and in effect
load balance all port 80 and 443 traffic to different devices respectively,
you could also provide nimda/code red (sic Trojan) mitigation.  I believe
that Cisco's CSS switches will allow you the same functionality but am not
quite up to speed on that gear. Security Policies gain legitimacy through
actions.  Your Security Policy and Procedures should act as a point of
reference for your Rulesets; however, it will be up to you as the
administrator, working with your ITSEC team and business units, to define and
streamline the types of traffic you will need to allow entry to
and exit from your network in order to maintain normal business conditions.
Remember the more complex a solution is, the greater the risk due to
learning curve, configuration etc.  If you are concerned about Worms and
viruses infiltrating hosts within or past a zone/dmz you may wish to explore
not only Network Based Intrusion Detection, but Host Based as well.



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Patrick Ramsey
Sent: Tuesday, April 23, 2002 12:59 PM
To: [EMAIL PROTECTED]
Subject: Re: Security advice - opening ports other than 80 and 443 in [7:42347]


a good security policy would have had this matter taken care of as soon as
it sprouted!  :)   (not directed to you Sam, just replying to thread)  :)

that aside,

1) opening up every port on the firewall is not dangerous unless you have
something accessible via the firewall listening on a specific port.

2) it only takes one server to be hacked to bring a network to a stop

3) 1 should never happen because it is highly insecure..  :)

>>> "sam sneed"  04/23/02 12:41PM >>>
They can do more than just bring the server down. They can gain control of
the server and have it attack other servers on your network or outside
network. ex. the IIS code red worm only needed port 80 to be open on
Winblows servers to spread across the internet.

"Brown, M" wrote in message
news:[EMAIL PROTECTED]...
> Certain application requires port other than 80 or 443 opened in the
> firewall for inbound and outbound traffic. The firewall was configured to
> allow traffic to that specific server ip address.
>
> The software vendor argues "that the worst scenario could be that hackers
> could bring the server down. No other significant would be possible. "
>
>  Is that true  ?
>
> How risky is that to my network ?  I would like to secure that connection
> using CA from the company and IPSec. The software vendor argues that is
> not
> necessary.
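Patrick's points 1) and 2) (an open port is only a risk when something behind it is listening, and one compromised server is enough) and Brown's question about a vendor wanting extra ports opened can be checked rather than argued. The script below is an added example written for this thread, not code from any poster or vendor: it cross-references an inbound allow-list with an inventory of listening sockets, reports which services are actually reachable from outside (the real attack surface), which allow rules have nothing behind them (dead rules to remove), and how an "every port" rule can be narrowed to just the ports a server really serves. All addresses (TEST-NET-1 range), rules and service names are constructed sample data; the Rule/Listener shapes are my own assumption of what an export from a firewall and a port inventory would look like.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List


@dataclass(frozen=True)
class Rule:
    """One inbound allow rule on the firewall (port 0 = any port)."""
    dst_net: str
    proto: str
    port: int


@dataclass(frozen=True)
class Listener:
    """One socket found listening on an internal host (e.g. from an inventory scan)."""
    host: str
    proto: str
    port: int
    service: str


# Constructed sample data: a hypothetical inbound allow-list and port inventory.
RULES: List[Rule] = [
    Rule("192.0.2.10/32", "tcp", 80),
    Rule("192.0.2.10/32", "tcp", 443),
    Rule("192.0.2.20/32", "tcp", 0),      # vendor asked for "every port" to its server
    Rule("192.0.2.30/32", "tcp", 8443),
]

LISTENERS: List[Listener] = [
    Listener("192.0.2.10", "tcp", 80, "iis"),
    Listener("192.0.2.10", "tcp", 443, "iis"),
    Listener("192.0.2.20", "tcp", 1433, "mssql"),
    Listener("192.0.2.20", "tcp", 3389, "rdp"),
    Listener("192.0.2.20", "tcp", 8080, "vendor-app"),
    Listener("192.0.2.30", "tcp", 22, "ssh"),
]


def rule_matches(rule: Rule, listener: Listener) -> bool:
    """True when the rule lets inbound traffic reach this listener."""
    return (
        rule.proto == listener.proto
        and (rule.port == 0 or rule.port == listener.port)
        and ip_address(listener.host) in ip_network(rule.dst_net)
    )


def exposed_services(rules: List[Rule], listeners: List[Listener]) -> List[Listener]:
    """Listeners reachable from outside under at least one allow rule."""
    hits = {l for l in listeners if any(rule_matches(r, l) for r in rules)}
    return sorted(hits, key=lambda l: (l.host, l.port))


def unused_rules(rules: List[Rule], listeners: List[Listener]) -> List[Rule]:
    """Allow rules with nothing listening behind them; candidates for removal."""
    return [r for r in rules if not any(rule_matches(r, l) for l in listeners)]


def narrowed_rules(rules: List[Rule], listeners: List[Listener]) -> List[Rule]:
    """Replace each any-port rule with one rule per service actually listening."""
    out: List[Rule] = []
    for r in rules:
        if r.port != 0:
            out.append(r)
            continue
        for l in listeners:
            if rule_matches(r, l):
                out.append(Rule(r.dst_net, r.proto, l.port))
    return out


if __name__ == "__main__":
    for l in exposed_services(RULES, LISTENERS):
        print(f"exposed  {l.host}:{l.port}/{l.proto}  ({l.service})")
    for r in unused_rules(RULES, LISTENERS):
        print(f"unused   {r.dst_net} {r.proto}/{r.port}")
    for r in narrowed_rules(RULES, LISTENERS):
        print(f"narrowed {r.dst_net} {r.proto}/{r.port}")
```

On the constructed data the "every port" rule to 192.0.2.20 exposes the database and remote desktop listeners alongside the vendor's own application, which is the case the thread is worried about; the narrowed rule set keeps only the three ports that host really serves, and the 8443 rule to 192.0.2.30 is flagged as dead because nothing listens there. In practice the two input lists would come from the firewall's rule export and a periodic port inventory of the servers behind it.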
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42356&t=42356