Educause Security Discussion mailing list archives

Re: firewall holes for particular machines

From: leo song <song () UOGUELPH CA>
Date: Thu, 14 May 2009 08:27:25 -0400

What apps requite to change IP addresses frequently?

-
Leo Song, Cluster Lead - Networking and Security
(519) 824-4120 x 53181 CCS, University of Guelph




On Wed, 2009-05-13 at 09:27 -0500, Kevin Shalla wrote:

I've been working with some people to set up firewall rules to allow
particular IP addresses.  We're going to be changing many IP
addresses soon, but keeping the same hostnames for them, so I
suggested setting the firewall rules to use hostnames instead, so
that there would be no downtime, and less maintenance the next time
IP addresses change.  My thinking is that there isn't much security
that's added by using IPs instead of hostnames, and using hostnames
would slightly increase the processing needed, but hostnames are more
convenient.  Am I missing something?

Current thread:

firewall holes for particular machines Kevin Shalla (May 13)
- <Possible follow-ups>
- Re: firewall holes for particular machines Chris Schenk (May 13)
- Re: firewall holes for particular machines Brian Kaye (May 13)
- Re: firewall holes for particular machines Di Fabio, Andrea (May 13)
- Re: firewall holes for particular machines F.M. Taylor (May 13)
- Re: firewall holes for particular machines Kevin Wilcox (May 13)
- Re: firewall holes for particular machines Chris Green (May 13)
- Re: firewall holes for particular machines David Gillett (May 13)
- Re: firewall holes for particular machines Gary Flynn (May 13)
- Re: firewall holes for particular machines Megan Carney (May 13)
- Re: firewall holes for particular machines leo song (May 14)
- Re: firewall holes for particular machines Zach Jansen (May 14)
- Re: firewall holes for particular machines Kevin Wilcox (May 14)
- Re: firewall holes for particular machines Megan Carney (May 14)
- Re: firewall holes for particular machines Jason Frisvold (May 15)