
| Subject: | RE: Should FW have DNS name? |
|---|---|
| Date: | Fri, 16 Jun 2006 10:00:00 -0600 |

A big problem with DNS records for firewalls is that the firewall administrator may use the DNS entries to access the management functions of the firewall. If your DNS server is compromised, it is trivial to change the firewall DNS record to another IP address, and the attacker can now capture your firewall administrator passwords and then own your firewall.

Thomas Harris
Northrop Grumman ISS Site Lead
GIAC Certified Firewall Analyst (GCFW)
GIAC Certified Intrusion Analyst (GCIA)

________________________________
From: Vladimir Mitiouchev [mailto:vovcia@gmail.com]
Sent: Thu 6/15/2006 6:09 PM
To: eldad gal
Cc: Craig Wright; terry white; firewalls@securityfocus.com
Subject: Re: Should FW have DNS name?

Hi, I must say that security must be built with as many obstacles as possible on the path of an attacker to your net. Also there is the concept of "security by obscurity".

Don't be silly. As terry wrote, security by obscurity is no security at all. And, guys, you can kill me, but I really think easy management and logical structure are more valuable than "securing" a firewall by "hiding" it, or other obscurity stuff.

You want to hide the fw? Make it fully transparent, you know, accept & forward without changing TTL, or silently DROP. And do not give it an external IP.

And, damn, you are talking about such silly things. You all should find some real problems.

--
Sincerely Yours,
Vladimir Mitiouchev
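
One way to detect the DNS record change described at the top of this message, as an added example that is not part of the original e-mail: compare what the resolver returns for each firewall management name against a pinned address list. The hostnames, addresses, and function names are hypothetical placeholders.

```python
import ipaddress
import socket

# Constructed sample data: placeholder names/addresses (RFC 2606 / RFC 5737),
# not values from the thread.
PINNED = {
    "fw1-mgmt.example.com": {"192.0.2.10"},
    "fw2-mgmt.example.com": {"192.0.2.20", "192.0.2.21"},
}

def _norm(addr):
    """Canonical text form of an IP address (drops any IPv6 zone id)."""
    return str(ipaddress.ip_address(addr.split("%")[0]))

def system_resolver(name):
    """Ask the OS resolver, i.e. the same path the admin's browser/SSH uses."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def audit(pinned, resolver=system_resolver):
    """Return [(name, status, unexpected, missing)] for each pinned name."""
    findings = []
    for name, expected in sorted(pinned.items()):
        expected = {_norm(a) for a in expected}
        answers = {_norm(a) for a in resolver(name)}
        unexpected = sorted(answers - expected)
        missing = sorted(expected - answers)
        if not answers:
            status = "UNRESOLVED"   # record deleted or resolver failing
        elif unexpected:
            status = "REDIRECTED"   # DNS now points at an address nobody pinned
        elif missing:
            status = "PARTIAL"      # a pinned address disappeared from the answer
        else:
            status = "OK"
        findings.append((name, status, unexpected, missing))
    return findings

if __name__ == "__main__":
    for name, status, unexpected, missing in audit(PINNED):
        print(f"{name}: {status} unexpected={unexpected} missing={missing}")
```

Run it from the administrator's workstation so it exercises the same resolver the management session would use. Verifying the firewall's SSH host key or TLS certificate at login remains the stronger control, since it holds even when DNS answers are wrong.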