RE: [FW1] DMZ advantages

2001-06-25 Thread McCammon, Keith
Once your DMZ box is compromised, the attacker now has a user account on your internal domain. It's that simple. If you're trying to convince a manager or other executive-type of the risks involved, put it to them just like that. They don't need a technical explanation, they just want the fact

RE: [FW1] Port TCP 1025 - Network Blackjack

2001-06-23 Thread McCammon, Keith
Network Blackjack is an old gaming service, which is not used much anymore. This open port is actually a TCP negotiation port, and Windows systems open this negotiation port first by default. If you scan a Windows box that has any open connections to another network device (TCP), there's a good

RE: [FW1] DMZ advantages

2001-06-22 Thread McCammon, Keith
If you require a publicly available system, I can't think of any reason NOT to use a DMZ. But... The main reason for a DMZ (and perhaps the biggest advantage) is protection of the LAN and local domains via network-layer segregation. This is a great improvement over a typical (slack) setup, in

RE: [FW1] Can't connect via GUI_client and voyager

2001-04-20 Thread McCammon, Keith
For the GUI, you need to specify the IP of the GUI client in the Check Point Configuration tool if you're using NT on the management server. For Voyager, you need to place a rule before the Stealth rule to allow HTTP from a given workstation (or network) to the firewall. That should do the tric

RE: [FW1] Routing Question

2001-04-14 Thread McCammon, Keith
We cannot help you. The broadcast domain for 64.157.160.0/24 (I assume) lies between the firewall and your router--that's it. It's fundamental networking. Think about it. -Original Message- From: Jeff Reinhardt [mailto:[EMAIL PROTECTED]] Sent: Friday, April 13, 2001 7:01 AM To: [EMAIL

RE: [FW1] Re: fw-1-mailinglist-digest V1 #5

2001-04-13 Thread McCammon, Keith
Anyone want to take these guys off the list? I've got about twenty of these today from at least two mailboxes. I'm sure we all get enough mail... Cheers! Keith -Original Message- From: Warren D. Coger [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 12, 2001 6:01 AM To: [EMAIL PROTEC

RE: [FW1] Inbound, Outbound, Eitherbound

2001-04-12 Thread McCammon, Keith
Inbound and Outbound inspection are not functions of network association (internal or external). They have to do with the inspection moving through the TCP/IP stack. For example, if you're only checking inbound, and someone gains control of your firewall, FW-1 won't inspect anything leaving the