NYCPHP Meetup

NYPHP.org

[nycphp-talk] Secure (XML-RPC) connection

Faber Fedor faber at linuxnj.com
Wed Mar 24 11:34:57 EST 2004


On Wed, Mar 24, 2004 at 11:25:28AM -0500, Chris Bielanski wrote:
> My comment might be a little misleading - what I meant is "allow traffic in
> and out for specific IP addresses" I figure this might be under IP
> Filtering, if it's there at all?

>From what I can tell the "IP Filtering" is for allowing internal
machines to go out.  I want one that limits IPs coming in.

> > 443, 80, it doesn't matter which port is open.  What matters 
> > is *A* port is open.
> 
> True, but then likely so is 53 for DNS, 3306 for MySQL, and probably a few
> others, despite your precautions. 

Not on my networks. :-)  The webserver is outside the firewall and has
all those ports open.  Everything else is behind the firewall and
*NOTHING* is open on that firewall. 

> So I'm going to restate the standing question:
> How can you prevent someone from stealing all the chickens once they've made
> it past the firewall and into the henhouse?

If they get inside the firewall, they've got access to the internal
network and all bets are off. That's why I'm trying to keep them from
getting through the firewall.

-- 
 
Regards,
 
Faber                     

Linux New Jersey: Open Source Solutions for New Jersey
http://www.linuxnj.com






More information about the talk mailing list