Petr,
Are you looking to validate HTTP and not
do authorization? If so, this might get a lot
more difficult to do if not impossible. You
might be able to do filtering on the web
server or some other device(?), but if
someone is probing your system and use
port 80, your system will respond one way
or another.
I'm going to ask for help on this, since I
haven't tried something like this.
Trying to stop a DOS is like an ant trying to
stop a freight train. Trying to prevent DOS is
like an ant holding a sign that say's "bridge
out ahead".
OK, weak analogy. My point is, you can try and
reduce the risk, but you won't be able to eliminate
the problem.
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> "Tuka, Petr" <[EMAIL PROTECTED]> 7/14/00 4:44:55 AM >>>
>Robert,
> thanks for your reply. I have WWW server in a DMZ. This server contains
>free information for everybody (internal and external). That is mean I dont
>think about user authorization. I think about legal/correct http trafic. Is
>packet/data going to port 80 of this server realy http traffic or not. How
>to secure my WWW server against for example Dos attack over port 80 etc..
>
>Petr
>
>> -----Puvodni zprava-----
>> Od: Robert MacDonald [mailto:[EMAIL PROTECTED]]
>> Odeslano: Thursday, July 13, 2000 4:24 PM
>> Komu: Tuka, Petr; [EMAIL PROTECTED]
>> Predmet: Re: [FW1] A HTTP Secure server
>>
>> Petr,
>>
>> Yes, place the internal web server in a DMZ or
>> "second" private network on a new NIC in your
>> fw. Then all your users must pass through the fw
>> to get to it. Only allow internal traffic to this new
>> network.
>>
>> Why not setup authorization on the web server
>> and save yourself the hassle? Or are you worried
>> that someone going to do some 'not nice things'
>> to it? If so, pull out that security policy,
>> review(update if needed) and show bad users.
>
>> Robert
>>
>> - -
>> Robert P. MacDonald, Network Engineer
>> e-Business Infrastructure
>> G o r d o n F o o d S e r v i c e
>> Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>
>>>> "Tuka, Petr" <[EMAIL PROTECTED]> 7/12/00 9:31:09 AM >>>
>>>
>>> Hi,
>>> I have FW-1 4.0 SP5 on NT. If possible use/setup HTTP Secure server for
>>> securing internal Web server?
>>> If YES how can I do it.
>>>
>>> Regards
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
