Jeromie wrote,
>(Many leading emails deleted)
>
> I would be interested in hearing how checkpoint is securing their
> customers from SMTP based attacks! From what I have seen, they simply pass it
> through to a mail machine... If that mail machine happens to be running
> Sendmail 4.1, the attacker can blow holes right through the perimeter....?
>
> Jeromie Jackson
> Garrison Technologies
> jeromie @ garrison . com
>
> Keep the flames burning.
Jeromie,

It's the firewall's responsibility to control access and pass protocols securely.
If the customer has a server that they are going to allow public access to, we
recommend that they isolate that server in a DMZ. This could be a mail server or
a web server, or whatever.

Here's how it works:

[External Net]----[Firewall]----[Internal Net]
                      |
                      |
                  [DMZ Net]

The key here is that you can limit access to specific DMZ servers to specific
services. You can log connection attempts to specific DMZ servers and most
important, you only allow connections to DMZ servers, not connections from DMZ
servers. You never allow connections originating from outside the internal network
to enter into the internal network. That way, even if a DMZ server gets hacked,
it can't be used as a launching point to attack the good stuff, the internal network.

Have a great day,
David Helms
a launching platform into the secure network.
--
__________________________________
David Helms
Senior Technical Consultant
CheckPoint Software Technologies
ph 703.684.4824
fx 703.684.4847
davidh @ checkpoint . com
__________________________________
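
The three-zone policy described in the reply above, written as a rule-base audit. This is an added example, not part of the original message and not Check Point configuration; the Rule fields, zone names, host names and both sample rule bases are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    src: str       # source zone: "external", "dmz", "internal" or ANY
    dst: str       # destination zone, same values
    host: str      # destination host, or ANY
    service: str   # e.g. "smtp", "http", or ANY
    action: str    # "accept" or "drop"
    log: bool = False

def audit(rules):
    """Return (rule number, finding) for accept rules that break the DMZ policy.

    Static check of each rule on its own; shadowing by earlier rules is ignored.
    """
    findings = []
    for n, r in enumerate(rules, 1):
        if r.action != "accept":
            continue
        # Nothing originating outside the internal network may enter it.
        if r.dst in ("internal", ANY) and r.src != "internal":
            findings.append((n, "inbound to internal network"))
        # DMZ servers accept connections; they never originate them.
        if r.src in ("dmz", ANY):
            findings.append((n, "connection originating from DMZ"))
        if r.dst in ("dmz", ANY):
            # Access is limited to specific servers and specific services.
            if ANY in (r.host, r.service):
                findings.append((n, "DMZ access not limited to a host and service"))
            if not r.log:
                findings.append((n, "DMZ connection not logged"))
    return findings

# Constructed rule base that follows the policy in the message.
GOOD = [
    Rule("external", "dmz", "mailhost", "smtp", "accept", log=True),
    Rule("external", "dmz", "webhost", "http", "accept", log=True),
    Rule("internal", "external", ANY, ANY, "accept"),
    Rule(ANY, ANY, ANY, ANY, "drop", log=True),
]
# Constructed rule base with the weaknesses the thread discusses.
WEAK = [
    Rule("external", "internal", "mailhost", "smtp", "accept", log=True),
    Rule("dmz", "internal", ANY, "smtp", "accept"),
    Rule("external", "dmz", ANY, ANY, "accept"),
]
```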