Great Circle Associates Firewalls
(July 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: denying services at the router
From: bobk @ manzanita (Bob Konigsberg)
Date: Tue, 30 Jul 1996 10:32:23 -0700
To: william . wells @ damark . com, cmcurtin @ research . megasoft . com
Cc: firewalls @ GreatCircle . COM 
A good basic philosopy would be to divide your service approach 
in the following manner

1) Deny everything
2) Allow service list (telnet, ftp, http, whatever) all inside may access
   all outside (Service flow direction, not packet flow).
3) Allow specific service for all inside to X, Y, and Z outside
   (Example, outside net news server, or other contracted general service)
4) Allow specific service for a, b, c inside to x, y, z outside
   (Specific contracted service - Resume' search for example to Personnel)

BobK
Indexed By Date Previous: Re: So called ISDN secrets
From: nsacpt @ fnma . com (David Baldwin)
Next: RE: transparent AG
From: Dale Lancaster <dlancaster @ raptor . com>
Indexed By Thread Previous: Re: denying services at the router
From: C Matthew Curtin <cmcurtin @ research . megasoft . com>
Next: * Protect Yourself Without Paying Costly Attorney Fees *
From: "Dean W. Nelson" <#genesis6 @ ix13 . ix . netcom . com>
Google
 
Search Internet Search www.greatcircle.com