By this you're assuming that the firewall can prevent people from
exploiting FTP itself.
Since Wu-FTP and PROftp and others all have root-level exploits on various
versions it would be like giving someone a path through the firewall into
the protected environment of the office. I don't believe most firewalls
(especially Linux's MASQ in this case) do any content-filtering to prevent
people from exploiting services like FTP.
Ideally, if the FTP server was completely secure, it wouldn't matter..
- Aaron Schultz
- [EMAIL PROTECTED]
------
On Wed, 26 Jul 2000, J Weismann wrote:
> Now why would you have it outside the firewall? By this I mean
> Internet->files->firewall->LAN. why not put it inside the protection of the
> firewall so the files can be protected? IE Internet->firewall->files->LAN?
>
> that would be a much more secure solution and not leave those files
> available to all who can hack the machine.
>
>
> >From: Ron DuFresne <[EMAIL PROTECTED]>
> >To: J Weismann <[EMAIL PROTECTED]>
> >CC: [EMAIL PROTECTED], [EMAIL PROTECTED]
> >Subject: Re: Looking for firewall solution advice
> >Date: Wed, 26 Jul 2000 13:00:33 -0500 (CDT)
> >
> >
> >never on the firewall, leave it outside and harden the host.
> >
> >Thanks,
> >
> >Ron DuFresne
> >
> >On Wed, 26 Jul 2000, J Weismann wrote:
> >
> > > I'll disagree with this for one reason. Firewall-GOOD! outside firewall
> >file
> > > server-BAD!!! put it on the inside of the firewall and have the user's
> > > tunnell or loginto the firewall to get access to the files. You leave
> >that
> > > puppy out there on friday and by monday your bandwith is at 100% usage
> >and
> > > wondering who setup a Warez FTP server on your file server.
> > >
> > > Guard every file like it was your own......
> > >
> > >
> > > >From: Ron DuFresne <[EMAIL PROTECTED]>
> > > >To: Chris Mason <[EMAIL PROTECTED]>
> > > >CC: [EMAIL PROTECTED]
> > > >Subject: Re: Looking for firewall solution advice
> > > >Date: Wed, 26 Jul 2000 10:31:05 -0500 (CDT)
> > > >
> > > >
> > > >I'd rethink the solution and advice under consideration and put the
> >file
> > > >server on a totally different box, most likely on the outside of the
> > > >firewall on the dmz perhaps.
> > > >
> > > >Thanks,
> > > >
> > > >Ron DuFresne
> > > >
> > > >On Wed, 26 Jul 2000, Chris Mason wrote:
> > > >
> > > > > I'm advising a company on setting up a network with remote access.
> >The
> > > > > network will be windows machines with a Linux firewall configured
> >with
> > > > > PMfirewall. There will be a single IP wavelan internet feed to the
> > > >firewall
> > > > > which will be masq'ed for the internal network which will use
> > > >non-routable
> > > > > IPs.
> > > > > The firewall machine will also be a fileserver for accounting data.
> >The
> > > > > client would like to be able to access the accounting data on the
> > > >firewall
> > > > > from outside using her laptop connected to a dial-up account
> >somewhere
> > > >in
> > > > > the world. I would like to put in place a VPN solution for her.
> > > > > Any suggestions?
> > > > >
> > > > >
> > > > > Chris Mason
> > > > > Box 340, The Valley, Anguilla, British West Indies
> > > > > Tel: 264 497 5670 Fax: 264 497 8463
> > > > > USA Fax (561) 382-7771
> > > > > Take a virtual tour of the island
> > > > > http://net.ai/ The Anguilla Guide
> > > > > Find out more about NetConcepts
> > > > > www.netconcepts.ai
> > > > > bwz*mq
> > > > >
> > > > >
> > > > > -
> > > > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > > > "unsubscribe firewalls" in the body of the message.]
> > > > >
> > > >
> > > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > >"Cutting the space budget really restores my faith in humanity. It
> > > >eliminates dreams, goals, and ideals and lets us get straight to the
> > > >business of hate, debauchery, and self-annihilation." -- Johnny Hart
> > > > ***testing, only testing, and damn good at it too!***
> > > >
> > > >OK, so you're a Ph.D. Just don't touch anything.
> > > >
> > > >-
> > > >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > >"unsubscribe firewalls" in the body of the message.]
> > >
> > > ________________________________________________________________________
> > > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> > >
> > >
> >
> >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >"Cutting the space budget really restores my faith in humanity. It
> >eliminates dreams, goals, and ideals and lets us get straight to the
> >business of hate, debauchery, and self-annihilation." -- Johnny Hart
> > ***testing, only testing, and damn good at it too!***
> >
> >OK, so you're a Ph.D. Just don't touch anything.
> >
>
> ________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
