Can your router do "logging"? Is logging of both successful/unsuccessful
connection attempts important to your security plan? Your initial
security policy sounds quite easy to implement with a router, BUT...
unless your requirements are very static, and you don't ever anticipate
needing inbound access for other services, and outbound access for users
(w/logging), then a proxy-based firewall may be in your future. A
proxy-based firewall can also inspect a little further into the packet,
when implementing rules, whereas a router can only filter based on
source/dest IP address and type of service...
--------KANSAS DEPARTMENT OF HEALTH & ENVIRONMENT---------
---------------WWW.STATE.KS.US/PUBLIC/KDHE----------------
--------------Landon State Office Building----------------
------------------Phone (913) 296-5643--------------------
*** Forwarding note from I1106407--IBMMAIL 09/09/97 17:17 ***
=========================================================================
From: dcostello @ cmol . com
Date: Tue, 09 Sep 97 16:05:26 -0500
To: <Firewalls-digest @ greatcircle . com>
Subject: Simple question
This may sound like a simple question and it probably is. If I have a router
that is capable of IP address and UDP port filtering both inbound and outbound,
why would I need a firewall? If I understand this correctly I could setup my
router to only allow incoming www traffic to my web server by setting a filter
that denies everything except UDP port 80 traffic to 10.1.1.1. I'm just
getting into this area and have a few questions.
Thanks,
Dave Costello
---- End of mail text
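
Added example, not part of either message: a small Python model of the contrast drawn in the reply, with a header-only router filter beside a proxy that also parses the HTTP request line, both logging permitted and denied attempts. The rule set, the method allowlist and the sample packets are constructed for illustration; the port-80 rule is written for TCP because HTTP runs over TCP.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # constructed sample traffic, not a capture
    src: str
    dst: str
    proto: str                     # "tcp" or "udp"
    dport: int
    payload: bytes = b""

@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    proto: str                     # "tcp", "udp" or "any"
    dst: str                       # destination network in CIDR form
    dport: Optional[int] = None    # None matches any port

# Assumed rule set for the web server in the question (HTTP runs over TCP).
RULES = [Rule("permit", "tcp", "10.1.1.1/32", 80), Rule("deny", "any", "0.0.0.0/0")]
ALLOWED_METHODS = {b"GET", b"HEAD"}   # assumed proxy policy

def router_filter(pkt, rules, log):
    """Stateless filter: only header fields are examined; first match wins."""
    action = "deny"                # implicit deny when nothing matches
    for rule in rules:
        if (rule.proto in ("any", pkt.proto)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
                and rule.dport in (None, pkt.dport)):
            action = rule.action
            break
    log.append(("router", action, pkt.src, pkt.dst, pkt.proto, pkt.dport))
    return action

def proxy_filter(pkt, rules, log):
    """Proxy: the same header checks, then the HTTP request line is parsed."""
    if router_filter(pkt, rules, log) == "deny":
        return "deny"
    parts = pkt.payload.split(b"\r\n", 1)[0].split(b" ")
    ok = len(parts) == 3 and parts[0] in ALLOWED_METHODS and parts[2].startswith(b"HTTP/1.")
    action = "permit" if ok else "deny"
    log.append(("proxy", action, pkt.src, parts[0].decode("ascii", "replace")))
    return action

# Constructed packets using documentation address ranges as sources.
GET = Packet("192.0.2.10", "10.1.1.1", "tcp", 80, b"GET / HTTP/1.0\r\n\r\n")
TELNET = Packet("192.0.2.10", "10.1.1.1", "tcp", 23)
DELETE = Packet("198.51.100.7", "10.1.1.1", "tcp", 80, b"DELETE /index.html HTTP/1.0\r\n\r\n")
```

The router permits both port-80 packets because their headers are identical in every field it checks; only the proxy distinguishes the DELETE request, and every decision at either layer leaves a log entry.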