Great Circle Associates Firewalls
(March 1996)
 


Subject: Re: About the firewalls using RIP or static routes
From: Jonathan Larmour <jlarmour @ origin-at . co . uk>
Date: Sat, 30 Mar 1996 23:55:36 +0000
To: armando @ sar . net (Armando Aguilar), firewalls @ GreatCircle . COM

At 22:51 27/03/96 -0600, Armando Aguilar wrote:
>Hello,
>     Which is better on a Firewall, static routes or dynamic routes?

Simple answer: static routes.

Dynamic routes leave you open to attacks such as telling your firewall that
the best way to get to your private network is via the hacker's machine.
This means any address-based access control you have is lost.

They are obviously a little more difficult to maintain, but if you haven't
got the (small amount of) time to maintain the routes, or the information
about your network to keep it up to date, then perhaps you should question
your whole approach, and whether you can reasonably construct a safe
home-grown firewall. The fact you are asking this question probably means:
a) you are constructing your own firewall, and b) you are unaware of all the
issues involved, and could easily leave a gaping hole in your security. I
think it would be better to either go on a relevant internet security
training course, and/or call in a security consultant. Non-disclaimer: I am
not a security consultant, nor are any of my friends, so this is unbiased
advice.

I would also be surprised if this isn't covered in most texts on firewalls.

Sorry to sound so horribly patronising and probably snobby too, but this
particular area (routing and presumably ICMP redirects) is almost certainly
one of the first weapons a hacker would attack with, as it leaves no traces
and doesn't even require a password to get past the firewall.

Jonathan Larmour.
323 Cambridge Science Park, Origin UK, Cambridge, England. CB4 4WG.
Tel: +44 (1223)-423355    Fax: +44 (1223)-420724   E-mail: guess...
Disclaimer: This is not a disclaimer
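
An added example, not part of the original message: a shell check for the two exposures the message names, a routing daemon taking RIP updates and a host honouring ICMP redirects. It assumes a Linux host (the sysctl key names and the `ss -lun` listing format are Linux-specific); the function name and the sample input are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag settings that let other hosts change this machine's routes.
# Assumes Linux sysctl key names and `ss -lun`-style listener lines.

# audit_routing SYSCTL_TEXT LISTENER_TEXT
# Prints one "FAIL ..." line per finding; prints nothing when clean.
audit_routing() {
  # ICMP redirects: a non-zero accept_redirects or secure_redirects value means
  # the kernel may still act on redirect messages arriving from the network.
  printf '%s\n' "$1" | awk -F' *= *' '
    $1 ~ /^net\.ipv[46]\.conf\.[^.]+\.(accept_redirects|secure_redirects)$/ && $2 != 0 {
      print "FAIL " $1 "=" $2
    }'
  # RIP uses UDP port 520 (RIPng uses 521); a listener there means a routing
  # daemon is taking route updates instead of relying on static routes.
  printf '%s\n' "$2" | awk '{
    for (i = 1; i <= NF; i++)
      if ($i ~ /:(520|521)$/) print "FAIL rip-listener " $i
  }'
}

# Constructed sample input (not taken from a real host).
SAMPLE_SYSCTL='net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.ip_forward = 1'

SAMPLE_LISTENERS='UNCONN 0 0 0.0.0.0:520 0.0.0.0:*
UNCONN 0 0 127.0.0.1:53 0.0.0.0:*'

audit_routing "$SAMPLE_SYSCTL" "$SAMPLE_LISTENERS"
# On a live host: audit_routing "$(sysctl -a 2>/dev/null)" "$(ss -lun)"
```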

