>
>Securing multi-protocol WANs built on dynamically-addressed protocols
>( e.g., Vines; Appletalk ) is one of the most difficult security problems
>I personally see. The relative stability of IP addresses has been a factor
>in my occasional use of IP-encapsulation as a firewalling tool, even if
>the router directly supports the protocol in question.
>
>Any of the more seasoned firewallers given any thought to this class of
>problem, or know more about DHCP ?
>
In terms of IP filters and your local machines, I don't think that
it will really be a problem because how often do machines really move
around at your company, especially between sides of a WAN link( which
is where you would probably want to set-up IP filters to remote
offices)? This may become a problem, however, as mobile computer
users increase and want to access your site.
You will also want to make sure that the dynamic addressing
request packets do not make it through your firewall too. It would be
a shame for someone outside your company to suddenly own an address
which resides within your company. :-)
--tOm
--
/---------------------------------------------------------------------/
\ \
/ Thomas D. Nadeau ======== ======== /
\ Internetworking Software ======= ========= \
/ Xyplex, Inc. ======= ====== /
\ 295 Foster Street, ======== == \
/ Littleton, MA 01460 -------======= ------- /
\ ======== == \
/ Voice: (508) 952-4837 ======= ====== /
\ FAX: (508) 952-4887 ======= ========= \
/ email: tdnadeau @
eng .
xyplex .
com ======== ========== /
\ \
/---------------------------------------------------------------------/
References:
|
|
