|
[Veritas-bu] Still Another Question on Firewalls, Ports and Security
2001-01-04 11:12:35
|
Subject: |
[Veritas-bu] Still Another Question on Firewalls, Ports and Security |
|
From: |
Dennis Dwyer dfdwyer AT tecoenergy DOT com |
|
Date: |
Thu, 04 Jan 2001 11:12:35 -0500 |
I'm not sure what ALLOW_NON_RESERVED_PORTS buys me. Sure, it allows use of
ports 1024 - 5000 but that's even more than the 512 I'm trying to whittle down.
Perhaps I don't understand what Non-Reserved ports are. The NetBackup
documentation doesn't do a real good job of explaining them or their use. If
someone can sum them up for me in a nutshell and give a good example of why one
might use them, that would be very beneficial to me (and probably others). If I
still have to define the 1024 - 5000 ports to the firewall security software
... I just don't get it.
Regards,
Dennis
Quote: "Time is not a test of the truth"
Translation: Just because you've always done it that way doesn't make it right
Dennis F. Dwyer
Enterprise Storage Manager
Tampa Electric Company
(813) 225-5181 - Voice
(813) 275-3599 - FAX
Visit our corporate website at www.tecoenergy.com
>>> "McMurphy, Tim" <Tim.McMurphy AT cdcgy DOT com> 01/04/01 10:49AM >>>
ALLOW_NON_RESERVED_PORTS option may be what you are looking for
-----Original Message-----
From: Dennis Dwyer [mailto:dfdwyer AT tecoenergy DOT com]
Sent: 04 January, 2001 8:35 AM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] Still Another Question on Firewalls, Ports and
Security
I think I'm pretty clear now on which ports have to be accommodated within
the firewall to allow NetBackup connections but there is still one question
floating around out there that begs answering ...
"Is there a way to limit which ports NetBackup will use (something less than
the complete 512 to 1024 range) thereby insuring that a minimum number of
ports will have to be defined to the firewall software?"
My security guys are having a baby buffalo at the notion of allowing
NetBackup to have 512 ports available for use. I personally don't know if
that number is good or not nor if it represents a real security concern.
They are more interested in a total number of available ports being 25 - 50.
And oh by the way, they want to choose the range as well (ie; 1000 - 1024).
Any information would be greatly appreciated. I suspect that if the answer
is "You can't do it that way" They'll set me up with the 512 - 1024 range.
But hey ... I gotta at least say I asked.
Regards,
Dennis
"Time is not a test of the truth"
Translation: Just because you've always done it that way, doesn't make it
right
Dennis F. Dwyer
Enterprise Storage Manager
Tampa Electric Company
(813) 225-5181 - Voice
(813) 275-3599 - FAX
Visit our corporate website at www.tecoenergy.com
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|
|
|
