Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Question regarding rules and grouping best practices in Check Point

from [David.Menard] Network Security [Permanent Link]
Subject: Question regarding rules and grouping best practices in Check Point
Date: Thu, 17 Nov 2005 08:52:56 -0500 
This might be an academic question.  What is the best practice for this 
scenario?  If you have for example 3 servers each running an application, the 
same application but different ports.  Microsoft SQL as the application with 
ports 1433 to 1439.  
 
Would you create separate rules for each, or group them together?  They are in 
the same subnet.  A visual diagram below:
 
Source        Destination        Service
server1        dbserver3          sqlportrangegroup  
server2        dbserver4
server3        dbserver1
 
-- OR --
 
Source        Destination        Service
server1        dbserver3        sqlport1437
 
server2        dbserver4        sqlport1433
 
server3        dbserver1        sqlport1438
 
In other words, to me it is simpler, more flexible to group all servers by 
service or function as in this case for SQL.  Or should you have a rule for 
each server.  This would isolate the server possibly from the other servers and 
other ports?
 
Any thoughts or opinions is appreciated.
 
Dave Ménard
 
********************************************************
The information contained in this message may be privileged and confidential 
and protected from disclosure. If the reader of this message is not the 
intended recipient, or an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that it is strictly 
prohibited (a) to disseminate, distribute or copy this communication or any of 
the information contained in it, or (b) to take any action based on the 
information in it. If you have received this communication in error, please 
notify us immediately by replying to the message and deleting it from your 
computer.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: PIX 515E, Thomas F. Szabo
Next by Date:  RE: Blocking Skype, Stejerean, Cosmin
Previous by Thread:  Testing Tools, support
Next by Thread:  RE: Question regarding rules and grouping best practices in Check Point, Pablo Hauser
Indexes:  [Date] [Thread] [Top] [All Lists]