Firewalls: RE: Vendor Product Access

Firewalls
(November 1995)

Indexed By Thread: [Previous] [Next]

Subject:	RE: Vendor Product Access
From:	jwojn @ telxon . mis . telxon . com (Wojno, Jim)
Date:	Tue, 14 Nov 1995 11:04 EST
To:	firewalls @ greatcircle . com

How about a modem? This gives a single point of entry, while only allowing a 
single user access.

Jim Wojno
Systems Administrator
Telxon Corporation

_________________Begin included text______________________________

A vendor of an on-line database asks that we open our firewall to their
entire
Class B address space for both UDP and TCP on ports 8000 thru 9120.

I have been asked to quantify the risks involved. My initial list includes: 


Why do they need their entire Class B? This allows ANYONE in their domain
access.

Why do they want 1120 ports of both UDP or TCP? This seems a little large to 

me.

Any words of wisdom from admins "who have been there" that I can use to
bolster my initial "This is a BAD IDEA" reaction to upper management would 
be

appreciated.

Thanks,
Tom Mooney
Senior UNIX System Administrator

_________________End included text__________________________________

Indexed By Date	Previous:	HPUX client program for OPIE/SKEY??? From: gary flynn <gary @ habanero . jmu . edu>
Indexed By Date	Next:	Re: Vendor Product Access From: "Mike O'Connor" <mjo @ dojo . mi . org>
Indexed By Thread	Previous:	Re: Vendor Product Access From: janken @ rust . net (Kenneth J. Stephens)
Indexed By Thread	Next:	Re: Vendor Product Access From: "Mike O'Connor" <mjo @ dojo . mi . org>