You might want to consider using PPTP, Net-net Tunnel servers, or
PC-Firewall Tunnel VPNs rather than opening a slew of ports for each new
service on your firewall. The more you let through, the less of a firewall
it is. Behind the tunnel use packet filtering to decide who gets to what
(security in layers).
As someone stated before, firewalls are good at filtering solicited
services, and not so good at filtering unsolicited services. I submit that
for these new unsolicited services you have to fall back on strong
authentication & encryption rather than rely on a generic proxy. Proxy
developers can't keep up with all new applications, since proxies
essentially are copies of that application running on a gateway
machine (i.e., to proxy, to act for).
I believe the future of firewalls will be as a group of proxy servers, VPN
machines and secure application servers. (Oh, here he goes with that farm
thing again...). ;)
Bill Stout