Great Circle Associates Firewalls
(October 1996)
 


Subject: Re: PIX (CISCO)
From: peter @ baileynm . com (Peter da Silva)
Date: Fri, 4 Oct 1996 09:03:11 -0500 (CDT)
To: jeromie @ garrison . com (Jeromie Jackson)
Cc: Firewalls @ greatcircle . com, BETTICK @ boat . bt . com
In-reply-to: <9610041116 . AA03519 @ ukn0 . garrison . com . > from "Jeromie Jackson" at Oct 4, 96 06:16:24 am

Lord knows I'm no fan of IP filtering but this is a straw man.

> bubble around your network.  IP filtering relies on header information 
> (src, port, dst, port, flags).  My usual ACL example:
> 
> 	"We do not allow any inbound connections EXCEPT SMTP"
> 	"We allow only XYZ.COM to connect to our telnet port"
> 
> 	That would be a fair policy for many corporations.

No, it wouldn't. And it wouldn't be a fair policy with proxies, either. A
more likely arrangement would be "we allow outbound connections, and we
allow inbound SMTP and FTP connections to our public access server."

