My firewall admin has just given me a user account to connect to our internal firewall in order to verify its configuration. After about 4 months, he finally gave me a "read-only" account.
When I first connected I was impressed: our internal firewall (which was supposed to isolate our engineering network) has 8 policy rules and around 80 NAT rules. As the last access rule (of 8) is a "default permit" rule (anything from anywhere can pass), I named it our new "NAT Gateway" security equipment.
From now on, a "NAT Gateway" is a special-purpose security device that contains no useful security rules, only lots of NAT rules.
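The pattern described above (a handful of filter rules ending in a permit-anything rule, next to dozens of NAT rules) is easy to spot mechanically. The following is an added example, not code from the original post or from any firewall vendor: it assumes the rule set has been exported in iptables-save format and flags a filter policy whose FORWARD path passes everything, either through a catch-all ACCEPT rule or through an ACCEPT default policy. Both sample dumps are constructed for the example; the hardened one shows the same 80 NAT rules behind a default-deny, stateful policy.

```python
"""Audit a firewall rule set for the "NAT gateway" pattern: a filter policy
that ends in a permit-anything rule while almost all rules live in the NAT
table.  Rules are assumed to be in iptables-save format; the two dumps
below are constructed for this example, not taken from a real device."""
from typing import Dict, List, Tuple

# Constructed: 80 port-forwarding NAT rules, shared by both sample policies.
NAT_SECTION = (
    "*nat\n:PREROUTING ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n"
    + "".join(
        f"-A PREROUTING -d 203.0.113.{i} -p tcp --dport 443"
        f" -j DNAT --to-destination 10.10.0.{i}:443\n"
        for i in range(1, 81)
    )
    + "COMMIT\n"
)

# Constructed: the post's shape -- a few filter rules, then "permit any any".
WEAK_DUMP = NAT_SECTION + """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 10.20.0.0/16 -d 10.10.0.0/16 -p tcp --dport 22 -j ACCEPT
-A FORWARD -s 10.10.0.0/16 -d 10.20.0.0/16 -p tcp --dport 3389 -j ACCEPT
-A FORWARD -j ACCEPT
COMMIT
"""

# Constructed: same NAT rules, but a default-deny, stateful filter policy.
HARDENED_DUMP = NAT_SECTION + """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s 10.20.0.0/16 -d 10.10.0.0/16 -p tcp --dport 22 -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
COMMIT
"""


def parse_dump(dump: str) -> Tuple[Dict[str, Dict[str, str]], List[Tuple[str, str, List[str]]]]:
    """Return ({table: {chain: policy}}, [(table, chain, rule_tokens)])."""
    policies: Dict[str, Dict[str, str]] = {}
    rules: List[Tuple[str, str, List[str]]] = []
    table = ""
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                      # "*filter" starts a table
            table = line[1:]
            policies.setdefault(table, {})
        elif line.startswith(":"):                    # ":FORWARD ACCEPT [0:0]"
            chain, policy = line[1:].split()[:2]
            policies[table][chain] = policy
        elif line.startswith("-A "):                  # "-A CHAIN <matches> -j TARGET"
            tokens = line.split()
            rules.append((table, tokens[1], tokens[2:]))
    return policies, rules


def is_catch_all_permit(tokens: List[str]) -> bool:
    """True if the rule jumps to ACCEPT with no match criteria at all."""
    if "-j" not in tokens:
        return False
    j = tokens.index("-j")
    target = tokens[j + 1] if j + 1 < len(tokens) else ""
    matches = tokens[:j] + tokens[j + 2:]   # interface, address, proto, state, ...
    return target == "ACCEPT" and not matches


def audit(dump: str) -> dict:
    """Summarise the rule set and decide whether it is a 'NAT gateway'."""
    policies, rules = parse_dump(dump)
    filter_rules = [(c, t) for tbl, c, t in rules if tbl == "filter"]
    nat_rules = [(c, t) for tbl, c, t in rules if tbl == "nat"]
    accept_policy = sorted(c for c, p in policies.get("filter", {}).items() if p == "ACCEPT")
    catch_all: List[Tuple[str, int]] = []
    seen: Dict[str, int] = {}
    for chain, tokens in filter_rules:
        seen[chain] = seen.get(chain, 0) + 1          # 1-based position in the chain
        if is_catch_all_permit(tokens):
            catch_all.append((chain, seen[chain]))
    # Transit traffic goes through FORWARD: it passes everything if there is a
    # catch-all ACCEPT rule or if the chain's default policy is ACCEPT.
    nat_gateway = bool(catch_all) or "FORWARD" in accept_policy
    return {
        "filter_rules": len(filter_rules),
        "nat_rules": len(nat_rules),
        "accept_policy_chains": accept_policy,
        "catch_all_permits": catch_all,
        "is_nat_gateway": nat_gateway,
    }


if __name__ == "__main__":
    for name, dump in (("weak", WEAK_DUMP), ("hardened", HARDENED_DUMP)):
        print(name, audit(dump))
```

The check deliberately looks at two things: a rule with no match criteria ending in ACCEPT (the "anything from anywhere" rule from the post, which also makes every rule after it unreachable) and the chain's default policy, because a chain with no catch-all rule but an ACCEPT policy behaves the same way. The hardened dump keeps the NAT rules untouched; what changes is a DROP default policy, a conntrack rule so replies to permitted flows still pass, and a rate-limited LOG rule so dropped traffic is visible.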
1 comment:
Well, if the FW is stateful, it's still better to have a permit any any than nothing; attempts to inject packets, spoofing and ACK storms will be blocked by "packet out of state".. er.. well.. at least I found a positive side :-P