Re: publications concerning port forwarding

To:	"Jason L. Ellison" <infotek@datasync.com>
Subject:	Re: publications concerning port forwarding
From:	"Brendan Murray" <xasperated@gmail.com>
Date:	Wed, 11 Apr 2007 16:24:48 +1200
Cc:	pen-test <pen-test@securityfocus.com>
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
Dkim-signature:	a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=s7duxsglIktTCoQ7HWgl1ZpmiYtOghLe+NTEE+yQM1qZ0AR3h0HryuG41FJWsxdjRCXXax7C1YL39iDn1Dqi6ur+JOebUcdX4k4oJofmSilgcGCgJAa2LRpIxbs1kKM/Bqa/eNWSsh8iQhUtbxee8DVPmWiHK1BDMxrgAXOFxwU=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=fPnLNiJns4uSN5QlqniNhCfe7UjwvNburxlimu0fvmQ7jN3xUUs3UF0crxYvdmAC+vtd7nToqjfNx+xJx46thAZfKxkbe5JhG7fDNLSRraht16xF0T1Y21Iz6LzVZTdH5LtvkcAaFRNatXks18PvZXUbtoIH/w3dInYenXzu4vQ=
In-reply-to:	<Pine.LNX.4.58.0704101707530.6970@shell.datasync.com>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
References:	<Pine.LNX.4.58.0704101707530.6970@shell.datasync.com>
Resent-date:	Wed, 11 Apr 2007 00:06:35 -0600 (MDT)
Resent-from:	pen-test-return-1078483899@securityfocus.com
Resent-message-id:	<20070411060635.901A11C1F26@outgoing2.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com

On 4/11/07, Jason L. Ellison <infotek@datasync.com> wrote:

List,

  I'm currently doing work for a large company as a consultant.  Another
consultant is installing a MS Exchange server and is now requesting for me
to forward ports on the PIX from the Internet to internal servers.  I have
explained that port forwarding is very risky but they don't seem to
understand.  Are there any publications that can be used to show the link
between port forwarding and bad security posture.  I've scoured and found
nothing (maybe its to obvious to document?)...



I must be misunderstanding what you're asking.

Without port forwarding then there will be no network facing services.
So port forwarding isn't bad in and of itself.

Indiscriminate port forwarding would be a bad thing.

If you're asking about forwarding from the internet through your dmz
to an internal network, then that's an issue of firewall placement and
routing, and most any good firewall book will cover the issues there.


As usual, refer to the implementation plan and the site security
policy. The PIX is there to implement policy. And since its a large
company it will have robust policies. Right?

Brendan


-Jason Ellison

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
publications concerning port forwarding, Jason L. Ellison Re: publications concerning port forwarding, Ben Nell Re: publications concerning port forwarding, vtlists Re: publications concerning port forwarding, Brendan Murray <= RE: publications concerning port forwarding, Wiedemann, Adrian RE: publications concerning port forwarding, Jason L. Ellison RE: publications concerning port forwarding, Wiedemann, Adrian Message not available RE: publications concerning port forwarding, Wiedemann, Adrian RE: publications concerning port forwarding, Jason L. Ellison Re: publications concerning port forwarding, Jamie Riden RE: publications concerning port forwarding, Jason Rahl RE: publications concerning port forwarding, Thomas W Shinder Re: publications concerning port forwarding, vtlists Re: publications concerning port forwarding, Thor (Hammer of God)

Previous by Date:	Re: Boot floppy, berg
Next by Date:	Re: Boot floppy, jasper . o . waale
Previous by Thread:	Re: publications concerning port forwarding, vtlists
Next by Thread:	RE: publications concerning port forwarding, Wiedemann, Adrian
Indexes:	[Date] [Thread] [Top] [All Lists]