[olug] VNC w/Qwest

Dave Thacker dthacker9 at cox.net
Tue Oct 16 12:35:19 UTC 2007


On Monday 15 October 2007 23:13, Benjamin Watson wrote:
> The way I learned it, when standing up a firewall, configure it to
> block everything, then slowly open up the ports you need.  When it
> comes to opening up ports, even that may be restricted to allow
> traffic between distinct IPs/MACs/Hostnames.
>
> As a person who works for the DoD, I can tell you that you need a
> strong business justification for the IA (information assurance) shop
> to open up ports on their firewall for you.
>
> I can understand allowing ICMP traffic within your private side, but
> from the outside in has been a "no no" everywhere I've worked.  To
> that end, I typically find that DMZ servers are themselves configured
> not to respond to ICMP and have statically assigned IPs.


The CISP/PCI bunch are pretty picky on this as well.  Your compliance plan 
must include business justification for any open port. 

Dave 


