Firewalls: Re: Is NT really that bad?

Firewalls
(December 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Is NT really that bad?
From:	peter @ baileynm . com (Peter da Silva)
Date:	Tue, 10 Dec 1996 09:59:09 -0600 (CST)
To:	ygh @ cfsnet . com
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<03560172800870 @ eye-on . co . il> from "Yehuda Hahn" at Dec 10, 96 05:56:09 am

> Guys, after browsing this list for a few days I realize this is an 
> extremely controversial issue, but: if I want to protect a small 
> NT network whose sole purpose is to provide a SSL web server, can I 
> do so safely by configuring an NT firewall to provide access to 
> port 443 exclusively?

I wouldn't bother with an NT firewall... I'd put in a router that blocked
packets from the outside not destined for that port. It'd be a lot cheaper
and would do everything that a filtering firewall would do *for this case*
because you don't have any outbound access so you don't have any need for
outside packets to get to high numbered ports, and any attack at the
application level would come straight through a firewall anyway.

If you already have Checkpoint-1 on NT then use it, but if you don't it's
just extra expense.

References:

Is NT really that bad?
From: "Yehuda Hahn" <ygh @ mail . netvision . net . il>

Indexed By Date	Previous:	Re: Another IIS Bug From: "Bruce M." <bkmarsh @ feist . com>
Indexed By Date	Next:	Re: The Unix over NT firewall debate From: peter @ baileynm . com (Peter da Silva)
Indexed By Thread	Previous:	Is NT really that bad? From: "Yehuda Hahn" <ygh @ mail . netvision . net . il>
Indexed By Thread	Next:	RE: Is NT really that bad? From: "Yehuda G. Hahn" <ygh @ cfsnet . com>