Jeff Abrahamson on Thu, 30 Jan 2003 18:50:31 -0500



Re: [PLUG] firewall risk


On Thu, Jan 30, 2003 at 04:35:58PM -0500, LeRoy Cressy wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Your firewall should not listen for ANY ports!  Your firewall should 
> only forward certain packets to the appropriate box on the dmz network. 
>  I would not allow any ssh logins from the Internet on the firewall. 
> It would be alright to allow ssh logins on a dmz network box.

You're probably right, but on a home network one doesn't always want
to devote yet another machine to the network just to have three tiers
(fw, dmz, and internal). That's why I allow ssh login on my gateway,
but have no other useful data on the gateway, and gateway passwords
are substantially different from other passwords.

I'd like to put a one-time password authentication program on login on
the gateway, but I haven't found one. Anyone else tried this? (The
only reason would be for when I log in from public machines, say at
Drexel. Then at least I needn't worry that someone's put up a key
sniffer. But I try just not to worry...)

-- 
 Jeff

 Jeff Abrahamson  <http://www.purple.com/jeff/>
 GPG fingerprint: 1A1A BA95 D082 A558 A276  63C6 16BF 8C4C 0D1D AE4B

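The one-time password scheme Jeff asks about above is what S/Key and OPIE implemented: a Lamport hash chain, where the gateway stores only the current top of the chain and each login reveals the next preimage down. The following is an added example, not code from the original thread or from S/Key/OPIE. It assumes SHA-256 as the chain hash (S/Key used MD4/MD5 plus a six-word encoding) and a constructed passphrase; the class and function names are hypothetical. It shows the property that matters for logging in from a public machine: a password captured by a keystroke sniffer is rejected on replay, and it cannot be used to derive the next one.

```python
import hashlib
import hmac


def _h(data: bytes) -> bytes:
    # Chain hash. Assumption: SHA-256 (S/Key used MD4/MD5); any preimage-resistant hash works.
    return hashlib.sha256(data).digest()


def chain(secret: bytes, n: int) -> bytes:
    """Return h^n(secret): the hash applied n times."""
    value = secret
    for _ in range(n):
        value = _h(value)
    return value


class OTPServer:
    """Gateway side. Stores only the current chain top and a counter, never the secret."""

    def __init__(self, chain_top: bytes, count: int):
        self.current = chain_top  # equals h^count(secret) at enrollment
        self.count = count        # logins remaining before re-enrollment

    def verify(self, candidate: bytes) -> bool:
        """Accept candidate iff h(candidate) == stored top, then move the top down one step."""
        if self.count <= 0:
            return False  # chain exhausted; user must re-enroll
        if hmac.compare_digest(_h(candidate), self.current):
            self.current = candidate  # the accepted value is the new top
            self.count -= 1
            return True
        return False


class OTPClient:
    """User side (or a paper list). Knows the secret and which index to present next."""

    def __init__(self, secret: bytes, count: int):
        self.secret = secret
        self.next_index = count - 1  # first password is h^(count-1)(secret)

    def next_password(self) -> bytes:
        if self.next_index < 0:
            raise RuntimeError("chain exhausted; re-enroll with a new secret")
        password = chain(self.secret, self.next_index)
        self.next_index -= 1
        return password


def enroll(secret: bytes, count: int):
    """Enrollment: the server receives only h^count(secret), so it can verify but not generate."""
    return OTPServer(chain(secret, count), count), OTPClient(secret, count)


def demo():
    """Walk through two logins and one replay; returns the outcomes for inspection."""
    # Constructed passphrase for the example only, not a real secret.
    secret = b"constructed-passphrase-not-a-real-secret"
    server, client = enroll(secret, count=5)

    p1 = client.next_password()
    first_login = server.verify(p1)    # genuine login: accepted
    replayed = server.verify(p1)       # same value, as a sniffer would replay it: rejected

    p2 = client.next_password()
    second_login = server.verify(p2)   # next preimage down the chain: accepted
    return first_login, replayed, second_login, server.count


if __name__ == "__main__":
    print(demo())
```

The point for the public-terminal case is in `demo()`: a sniffer that captures `p1` learns nothing reusable, because the gateway now expects a preimage of `p1`, and inverting the hash is what the chain's security rests on. The usual operational caveats still apply: the chain is finite (`count`), so re-enrollment must happen over a trusted connection, and an OTP protects only the authentication step, not the session that follows it on a compromised terminal.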