Firewall Wizards mailing list archives

Re: tunnel vs open a hole
From: Adam Shostack <adam () homeport org>
Date: Sun, 6 Apr 2003 15:04:50 -0400

On Fri, Apr 04, 2003 at 03:53:36PM -0500, Anton A. Chuvakin wrote:
| All,
| 
| Sorry for this somewhat generic query, but I'd really want to know the
| general consensus on the issue from the esteemed list members. I have
| seen that such debates often spark on the list, and I think a summary (which
| might arise as a result of my query) would be useful for everybody, so...
| 
| ...if to run a new application you'd have to either:
| 
| 1. open a new port
| 2. accept tunneling over already open port/protocol
| 
| which would you choose?
| 
| To clarify, imagine you have to have something that needs to talk thru a
| firewall from a less secure compartment to a more secure one. And the
| options are: open TCP port XXXXX (to the required host only, of course),
| or tunnel over currently open (or proxied) port 80?

Opening a new port allows you to compartmentalize, should you discover
that the external component has vulnerabilities.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

