Firewalls-Digest Monday, February 3 1997 Volume 06 : Number 044
In this issue:
Re: NT Firewalls
Re: Question on MAC Address
See the end of the digest for information on subscribing to the Firewalls
or Firewalls-Digest mailing lists and on how to retrieve back issues.
----------------------------------------------------------------------
Date: Sun, 2 Feb 1997 23:35:04 -0500
From: "Jamie Thain" <jthain @ cat . bbsr . edu>
Subject: Re: NT Firewalls
Paul,
This NT vs UNIX firewall issue has been debated several times on this list.
I would suggest that both OS's are able to be secure. And that local
experience in making one or the other secure would help. I would also
suggest that you not consider a firewall a single machine, but a
configuration of several machines to defend against security threats to
your computing environment.
In the latter statement I would suggest that you have at least two different
OS types and two different Firewall vendor protections. For example:
Firewall/Plus         DMZ          Firewall-1
NT            --- Proxy stuff ---- UNIX --- Internal Lan.
Likewise the security policy you are trying to implement will have a vast
effect on the firewall configuration that you choose.
regards:jamie
----------
> From: Paul A. Murphy <pamurphy @ primary . net>
> To: firewalls @ GreatCircle . COM
> Subject: NT Firewalls
> Date: Sunday, February 02, 1997 12:10 AM
>
> Hello!
>
> My company is looking into firewalls to protect our network that is
> connected with a T-1.
>
> Our company is migrating to NT as a standard and I am concerned that the
> NT Firewalls are generally less secure than the UNIX firewalls and am
> looking for material to make my case that the firewall be UNIX.
>
> I would appreciate any comments related to the UNIX vs NT debate.
>
> Thanks
>
> Paul Murphy
> St. Louis
------------------------------
Date: Sun, 2 Feb 1997 23:09:38 -0800
From: mch @ squirrel . com (Mark Henderson)
Subject: Re: Question on MAC Address
Mike Jones writes:
> Yes, it should be like that. It's just the way Suns work. They change
> the MAC address of all Ethernet interfaces to be the same as the
> "primary" interface (typically le0). It's OK, because MAC addresses only
> really have to be unique on a per-segment basis for things to work, and
> it keeps a 1-to-1 relationship between machines and MAC addresses.
>
> Mike Jones
> Sr. Network Computing Advisor
> UNIFIED Technologies
On most modern Sun workstations and servers that MAC address is
stored in NVRAM (SGS-Thomson M48T02, M48T08, M48T59Y depending upon
the model of Sun). This is the same NVRAM that stores things like
boot device, nvramrc, input-device, etc. - although the methods for
modifying this ethernet address in NVRAM are not documented, at least
by Sun ;-)
The SS1000 and SC2000 are different in that the MAC address is
stored in a flash eeprom.
In any case, this MAC address in NVRAM is the default MAC address for
all ethernet and fast ethernet interfaces. You can override this
default for any particular interface with ifconfig.
Typically this is only an issue when one wants to put two interfaces
on the same segment.
------------------------------
End of Firewalls-Digest V6 #44
******************************
To unsubscribe from Firewalls-Digest, send the following command
in the body of a message to "Majordomo @ GreatCircle . COM":
unsubscribe firewalls-digest
If you want to subscribe or unsubscribe an address other than the
account the mail is coming from, such as a local redistribution list,
then append that address to the command; for example, to subscribe
"local-firewalls":
subscribe firewalls-digest local-firewalls @ your . domain . net
A non-digest (direct mail) version of this list is also available; to
subscribe to that instead, replace all instances of "firewalls-digest"
in the commands above with "firewalls".
Compressed back issues are available for anonymous FTP from
FTP.GreatCircle.COM, in pub/firewalls/digest/vNN.nMMM.Z (where "NN"
is the volume number, and "MMM" is the issue number).