Educause Security Discussion mailing list archives

Re: firewall holes for particular machines


From: Brian Kaye <bdk () UNB CA>
Date: Wed, 13 May 2009 11:38:04 -0300

Are you talking about an institutional firewall or host based firewalls?

Would you be doing a DNS query for every packet that arrives? Even if an
intelligent scheme is used this would be a big load on the hosts, the
firewall and the DNS.

......Brian Kaye
......UNB

On Wed, 13 May 2009, Kevin Shalla wrote:

Date: Wed, 13 May 2009 09:27:53 -0500
From: Kevin Shalla <kshalla () UIC EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv
    <SECURITY () LISTSERV EDUCAUSE EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] firewall holes for particular machines

I've been working with some people to set up firewall rules to allow
particular IP addresses.  We're going to be changing many IP addresses soon,
but keeping the same hostnames for them, so I suggested setting the firewall
rules to use hostnames instead, so that there would be no downtime, and less
maintenance the next time IP addresses change.  My thinking is that there
isn't much security that's added by using IPs instead of hostnames, and using
hostnames would slightly increase the processing needed, but hostnames are
more convenient.  Am I missing something?
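As an added illustration (not part of either message above), the following Python script shows the approach most host firewalls actually take with names: iptables, for instance, resolves a hostname given to `-s` once, when the rule is inserted, and installs one address-based rule per answer, so there is no per-packet DNS lookup. What a hostname-based policy costs instead is a dependence on DNS being correct at load time, and rules that go stale until they are regenerated. The script resolves an allow-list once, drops answers that are not addresses, reports names that no longer resolve rather than silently keeping their old address, and detects which names changed since the last run so the ruleset can be reloaded. The hostnames, addresses and the `CONSTRUCTED_DNS` table are constructed for the example so it runs offline; `system_resolver` is the real-resolver variant.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Tuple

# Resolver signature: hostname -> list of address strings.
Resolver = Callable[[str], List[str]]


def system_resolver(hostname: str) -> List[str]:
    """Resolve a name through the OS resolver (IPv4 only, unique, sorted)."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


# Constructed sample zone standing in for DNS so the example runs offline.
CONSTRUCTED_DNS: Dict[str, List[str]] = {
    "backup.example.edu": ["192.0.2.10"],
    "ldap.example.edu": ["192.0.2.21", "192.0.2.22"],
    "retired.example.edu": [],          # name no longer resolves
    "odd.example.edu": ["not-an-ip"],   # garbage answer, must be rejected
}


def constructed_resolver(hostname: str) -> List[str]:
    """Look the name up in CONSTRUCTED_DNS; unknown names raise like a real lookup."""
    if hostname not in CONSTRUCTED_DNS:
        raise socket.gaierror(f"constructed: no such name {hostname}")
    return list(CONSTRUCTED_DNS[hostname])


def resolve_allowlist(hostnames, resolver: Resolver = system_resolver) -> Dict[str, List[str]]:
    """Resolve each allow-listed name once, keeping only syntactically valid IPs."""
    resolved: Dict[str, List[str]] = {}
    for name in hostnames:
        try:
            answers = resolver(name)
        except (socket.gaierror, OSError):
            answers = []
        good = []
        for addr in answers:
            try:
                good.append(str(ipaddress.ip_address(addr)))
            except ValueError:
                continue  # drop anything that is not an address
        resolved[name] = sorted(set(good))
    return resolved


def build_rules(resolved, port: int, chain: str = "INPUT") -> Tuple[List[str], List[str]]:
    """Emit one iptables ACCEPT rule per resolved address.

    A name with no valid address produces no rule and is returned in the
    second list so the operator notices, rather than a stale address
    silently surviving in the ruleset.
    """
    rules: List[str] = []
    unresolved: List[str] = []
    for name in sorted(resolved):
        addrs = resolved[name]
        if not addrs:
            unresolved.append(name)
            continue
        for addr in addrs:
            rules.append(
                f"iptables -A {chain} -p tcp -s {addr} --dport {port} "
                f"-m comment --comment {name} -j ACCEPT"
            )
    return rules, unresolved


def changed_names(previous, current) -> Dict[str, Tuple[List[str], List[str]]]:
    """Names whose address set differs from the last run (a reload is needed)."""
    changes = {}
    for name in sorted(set(previous) | set(current)):
        old = sorted(previous.get(name, []))
        new = sorted(current.get(name, []))
        if old != new:
            changes[name] = (old, new)
    return changes


if __name__ == "__main__":
    names = list(CONSTRUCTED_DNS) + ["missing.example.edu"]
    current = resolve_allowlist(names, constructed_resolver)
    rules, unresolved = build_rules(current, port=22)
    print("\n".join(rules))
    print("unresolved (no rule generated):", unresolved)
    # Simulate the renumbering: the backup host moves to a new address.
    later = dict(current, **{"backup.example.edu": ["198.51.100.10"]})
    print("changed:", changed_names(current, later))
```

Run from cron or a config-management hook, this keeps the convenience of a hostname-maintained allow-list while the firewall itself only ever sees addresses; the `changed_names` output is the trigger for regenerating and reloading the rules after the address change, and the `unresolved` list is the check that a resolver failure does not quietly widen or freeze the policy.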

