Great Circle Associates Firewalls
(September 1992)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: X and firewalls
From: Amos Shapira <amoss @ cs . huji . ac . il>
Date: Tue, 29 Sep 92 15:42:43 +0200
To: tmd @ s1 . gov (Tina M. Darmohray)
Cc: firewalls @ GreatCircle . COM
In-reply-to: Your message of Mon, 28 Sep 92 16:01:18 PDT . <9209282301 . AA12661 @ random . s1 . gov>

In message <9209282301 .
 AA12661 @
 random .
 s1 .
 gov> you write:
|
|I'd be interested in hearing what kinds of solutions folks are using to run X 
|through
|firewalls. -- I'll post a summary of any responses I get.
|
|	Tina
|	tmd @
 s1 .
 gov

While we are still not implementing a firewall (and I intend to block X
when we do so, just because its unlikely to be usefull to anyone) I think
that X11R5 could be considered quite safe with the Magic-Cookie mechanism,
besides that I think it should be blocked like any other remote-access
protocol (i.e., according to my approach, block it and allow only certain
machines from outside to login to (a) certain machine(s) inside temporarily
when one of the staff members visits abroad and needs access).

Cheers,

--Amos Shapira (Jumper Extraordinaire)

CS System Group, Hebrew University, Jerusalem, Israel
amoss @
 cs .
 huji .
 ac .
 il



Follow-Ups:
References:
Indexed By Date Previous: SUMMARY: Why allow incoming telnet?
From: Frederick M. Avolio <avolio @ dco . dec . com>
Next: Re: SUMMARY: Why allow incoming telnet?
From: Joe Peck <peck @ PA . DEC . COM>
Indexed By Thread Previous: Re: X and firewalls
From: Gene Spafford <spaf @ cs . purdue . edu>
Next: Re: X and firewalls
From: Daren W. Latham <dwl @ mentat . udev . cdc . com>

Google
 
Search Internet Search www.greatcircle.com