ADSM-L

Re: Serveronly node loses address

2006-04-24 08:02:07
Subject: Re: Serveronly node loses address
From: Steven Harris <steve AT STEVENHARRIS DOT INFO>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 24 Apr 2006 21:59:20 +1000
Sorry if I wasn't clear Richard

The intent is that no session can be initiated from the box in the
DMZ to any address inside the firewall.

Sessions can be initiated from inside the firewall to the box in
the DMZ, then the DMZ box can reply to those sessions.
I think the idea is that there are no open ports that can be used for
any sort of attack, although I'm no networking guru.

I suppose an enterprising hacker, having compromised the DMZ box,
could circumvent this by having a process sit on, e.g. the Windows RDP
port, and then attack the connecting RDP program, but there is no
port that can be repeatedly attacked because it is always open.

Steve.
On 24/04/2006, at 9:08 PM, Richard Sims wrote:

On Apr 23, 2006, at 8:54 PM, Steven Harris wrote:

I have a new client with a requirement that a box in the DMZ have no
open ports through the firewall.

"We can do that" I said, and set up the node with
SessionInitiation=serveronly and a defined IP address and port. ...

Steve - That sounds like a contradiction in terms to me.

You can't contact a peer system if there is no port accessibility.
A full exploration of intent and means is needed there before going
on to attempt scheduler execution.

   Richard Sims



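The policy Steve describes is the classic stateful "inside may open, DMZ may only answer" rule. The following Python model is an added illustration, not code from the list posting or from TSM: it tracks sessions the way a stateful firewall does, accepts packets from the DMZ host only when they belong to a session an inside host opened, and records every DMZ-originated connection attempt so it can be reviewed. Addresses, ports and the packet sequence are constructed placeholders.

```python
"""Stateful firewall model for the policy discussed in the thread (constructed example).

Rules modelled:
  * inside -> DMZ: a connection-opening packet (SYN) creates session state and is accepted;
    later packets are accepted only if matching state exists.
  * DMZ -> inside: accepted only as a reply inside an existing session, never as a new session.
  * everything else is dropped; DMZ-initiated attempts are logged for review.
"""
from dataclasses import dataclass

INSIDE_NET = "10.0.0."    # constructed placeholder for the inside network prefix
DMZ_HOST = "192.0.2.10"   # constructed placeholder DMZ address (RFC 5737 TEST-NET-1)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for a packet that tries to open a new session


class StatefulFirewall:
    def __init__(self) -> None:
        # session key: (inside_ip, inside_port, dmz_ip, dmz_port), always in inside->DMZ orientation
        self.sessions: set[tuple[str, int, str, int]] = set()
        self.drop_log: list[str] = []

    @staticmethod
    def _is_inside(ip: str) -> bool:
        return ip.startswith(INSIDE_NET)

    def filter(self, pkt: Packet) -> str:
        """Return "ACCEPT" or "DROP" for one packet, updating session state as a stateful filter would."""
        # Direction 1: inside host talking to the DMZ box.
        if self._is_inside(pkt.src) and pkt.dst == DMZ_HOST:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.syn:
                self.sessions.add(key)      # inside is allowed to open sessions
                return "ACCEPT"
            if key in self.sessions:
                return "ACCEPT"             # continuation of an open session
            self.drop_log.append(f"DROP stateless inside packet {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
            return "DROP"

        # Direction 2: DMZ box talking to an inside host.
        if pkt.src == DMZ_HOST and self._is_inside(pkt.dst):
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # flip to inside->DMZ orientation
            if not pkt.syn and key in self.sessions:
                return "ACCEPT"             # reply within a session the inside opened
            # A SYN from the DMZ, or traffic with no matching state, is exactly what the policy forbids.
            self.drop_log.append(f"DROP DMZ-initiated {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} syn={pkt.syn}")
            return "DROP"

        self.drop_log.append(f"DROP unexpected {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return "DROP"


def demo() -> list[str]:
    """Run a constructed packet sequence through the model and return the verdicts in order."""
    fw = StatefulFirewall()
    flow = [
        # TSM server inside opens the session to the DMZ client's listening port (serveronly style)
        Packet("10.0.0.5", 51000, DMZ_HOST, 1500, syn=True),
        # DMZ client answers inside that session
        Packet(DMZ_HOST, 1500, "10.0.0.5", 51000),
        # DMZ box tries to open a session inward: forbidden by the policy
        Packet(DMZ_HOST, 40000, "10.0.0.5", 3389, syn=True),
        # DMZ box sends to an inside host that never opened a session with it
        Packet(DMZ_HOST, 1500, "10.0.0.7", 51000),
        # inside host sends a non-opening packet with no session state
        Packet("10.0.0.5", 51001, DMZ_HOST, 1500),
    ]
    return [fw.filter(p) for p in flow]


if __name__ == "__main__":
    fw = StatefulFirewall()
    print(demo())
    for line in fw.drop_log:
        print(line)
```

Running `demo()` yields `['ACCEPT', 'ACCEPT', 'DROP', 'DROP', 'DROP']`; the drop log is where a reviewer would look for the DMZ-initiated attempts the thread is worried about.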