At 03:49 PM 11/13/95 EST, TMOONEY.UMI.COM wrote:
>
>A vendor of an on-line database asks that we open our firewall to their entire
>Class B address space for both UDP and TCP on ports 8000 thru 9120.
>
>I have been asked to quantify the risks involved. My initial list includes:
>
>Why do they need their entire Class B? This allows ANYONE in their domain
>access.
>
>Why do they want 1120 ports of both UDP and TCP? This seems a little large to
>me.
>
>Any words of wisdom from admins "who have been there" that I can use to
>bolster my initial "This is a BAD IDEA" reaction to upper management would be
>appreciated.
>
>Thanks,
>Tom Mooney
>Senior UNIX System Administrator
>
>
Okay, "This is a Bad Idea." The gaping hole approach to network security.
- paul
--
Paul Ferguson
Consulting Engineering
Reston, Virginia USA
tel: +1.703.716.9538
e-mail: pferguso @ cisco . com
cisco Systems