Re: publications concerning port forwarding

From: Brendan Murray (xasperated@gmail.com)
Date: Wed Apr 11 2007 - 00:24:48 EDT

• Next message: Shreyas Zare: "Re: Boot floppy"
• Previous message: Clint P. Garrison MBA, CISSP, QSA: "Re: Boot floppy"
• In reply to: Jason L. Ellison: "publications concerning port forwarding"
• Next in thread: Ben Nell: "Re: publications concerning port forwarding"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On 4/11/07, Jason L. Ellison <infotek@datasync.com> wrote:
> List,
>
> I'm currently doing work for a large company as a consultant. Another
> consultant is installing a MS Exchange server and is now requesting for me
> to forward ports on the PIX from the Internet to internal servers. I have
> explained that port forwarding is very risky but they don't seem to
> understand. Are there any publications that can be used to show the link
> between port forwarding and bad security posture. I've scoured and found
> nothing (maybe its to obvious to document?)...

I must be misunderstanding what you're asking.

Without port forwarding then there will be no network facing services.
So port forwarding isn't bad in and of itself.

Indiscriminate port forwarding would be a bad thing.

If you're asking about forwarding from the internet through your dmz
to an internal network, then that's an issue of firewall placement and
routing, and most any good firewall book will cover the issues there.

As usual, refer to the implementation plan and the site security
policy. The PIX is there to implement policy. And since its a large
company it will have robust policies. Right?

Brendan
>
> -Jason Ellison
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Shreyas Zare: "Re: Boot floppy"
• Previous message: Clint P. Garrison MBA, CISSP, QSA: "Re: Boot floppy"
• In reply to: Jason L. Ellison: "publications concerning port forwarding"
• Next in thread: Ben Nell: "Re: publications concerning port forwarding"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:42 EDT