Quicksearch
Navigation
Events
Trusted Ad
Blower Door Test
Luftdichtigkeitsmessung für Gebäude Raum Hamburg ab 160 € excl. MwSt
www.m-tectum.de
Luftdichtigkeitsmessung für Gebäude Raum Hamburg ab 160 € excl. MwSt
www.m-tectum.de
Kategorien
About this blog- Apple
- iPhone
- Aviation
- Bahn
- Begriffe des Lebens
- Blogosphere
- Braindump
- Business Travel
- CANBOX
- CeBIT
- CEC
- Computing
- del.icio.us
- Fundsache
- General
- i hate sundays
- Kochen
- Mindfuck
- Movies
- Music
- On Benchmarketing
- Persoenliches Pech
- Photographie
- policy of ...
- Privacy
- Recommended Blogs
- Security
- Solaris
- Strange Days
- Sun
- suncec2007
- suncec2008
- Technology
- The IT Business
- Toolbox
- Travel
- Work
Considerations about perimeter security
Wednesday, February 28. 2007
Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as
(Linear | Threaded)
Of course firewalls are still needed, but as a rule of thumb, one can say, keep the security as close to the data as possible.
This means every server should run its own firewall (in Solaris e.g. ipfilter). Only incoming application connections should be allowed that are trusted, provide integrity and encryption (e.g . SSL/TLS or SSH with certificates).
This means every server should run its own firewall (in Solaris e.g. ipfilter). Only incoming application connections should be allowed that are trusted, provide integrity and encryption (e.g . SSL/TLS or SSH with certificates).
You are correct, but the hostbased firewall can only be the last line of defense. I would suggest at least an additional firewall at the borders of the kingdom (border router/border firewalls). A breach in the firewall functionality would be disastrous, if it´s the only one ...
BTW: Check out the Jericho Forum http://en.wikipedia.org/wiki/JerichoForum
In a recent project where the application does not support these methods, we use a product from ssh.com.
The software provides secure application tunneling functionality which is completly transparent to the application. Basically an agent running on windows, captures application traffic and tunnels all the traffic through an ssh tunnel (of course after first passing the authentication).
This means, the perimeter firewall needs only one rule (allow incoming tcp port 22 connections). Much easier to manage, even if the application uses several tcp ports (udp cannot be tunneled with ssh)
This way a hacker has only one port he could try to get in.
The software provides secure application tunneling functionality which is completly transparent to the application. Basically an agent running on windows, captures application traffic and tunnels all the traffic through an ssh tunnel (of course after first passing the authentication).
This means, the perimeter firewall needs only one rule (allow incoming tcp port 22 connections). Much easier to manage, even if the application uses several tcp ports (udp cannot be tunneled with ssh)
This way a hacker has only one port he could try to get in.
The LKSF book
The book with the consolidated Less known Solaris Tutorials is available for download here
Web 2.0
Contact
Networking
open.bc
LinkedIn
Facebook
My photos
- mail: joerg@c0t0d0s0.org
- icq: 144000169
- Me, myself and I
- openBC
- My del.icio.us
- c0t0d0s0@twitter
- c0t0d0s0@last.fm
- wiki@c0t0d0s0
- Amazon Wishlist
Networking
open.bc
My photos
Syndication
Comments
about My thoughts about the future of Sun ...
Thu, 20.11.2008 11:42
Mona, viele grosse Firmen i n Europe werden in Kürze auf S taroffice/Openoffice wechseln, da der Umstieg auf Offi [...]
Thu, 20.11.2008 11:42
Mona, viele grosse Firmen i n Europe werden in Kürze auf S taroffice/Openoffice wechseln, da der Umstieg auf Offi [...]
about My thoughts about the future of Sun ...
Thu, 20.11.2008 11:39
I tend to agree - suns problem mainly 2 things imho: lack of good corporate pr including c lear roadmaps and wall s [...]
Thu, 20.11.2008 11:39
I tend to agree - suns problem mainly 2 things imho: lack of good corporate pr including c lear roadmaps and wall s [...]
about My thoughts about the future of Sun ...
Thu, 20.11.2008 10:50
Well ... i don´t really think that muscle cars and Pick Ups are good products. Those cars have enough cylinder cap [...]
Thu, 20.11.2008 10:50
Well ... i don´t really think that muscle cars and Pick Ups are good products. Those cars have enough cylinder cap [...]
about My thoughts about the future of Sun ...
Thu, 20.11.2008 09:59
Nice articel but i guess that the products himself cant help to safe the future of sun. GM also have great product [...]
Thu, 20.11.2008 09:59
Nice articel but i guess that the products himself cant help to safe the future of sun. GM also have great product [...]
about My thoughts about the future of Sun ...
Thu, 20.11.2008 07:25
Nettes Posting welches sich ab er wieder nur um die Produkte von SUN dreht und nicht um das Doing drumherum. 600-80 [...]
Thu, 20.11.2008 07:25
Nettes Posting welches sich ab er wieder nur um die Produkte von SUN dreht und nicht um das Doing drumherum. 600-80 [...]
Getaggte Artikel
AMD Apple avs Bahn Blogging Blogosphere braindump Business Travel CeBIT cec cec2006 CMT del.icio.us deutsch dtrace fliegen Fundsache General Hamburg IBM i hate sundays Intel iscsi jumpstart Links Linux lksf Mindfuck Movies Music Musik Niagara Opensolaris Opteron Photographie policy of ... Politik Security Solaris storage Sun suncec2007 sunw t1 The IT Business Ultrasparc ultrasparc t1 Wirtschaft Work ZFS
Blog Administration
Buttons
