Educause Security Discussion mailing list archives

Re: firewall holes for particular machines

From: Zach Jansen <zjanse20 () CALVIN EDU>
Date: Thu, 14 May 2009 10:11:57 -0400

Wouldn't it be better to run these applications through a proxy, such as squid, instead?

Zach Jansen
-- 

Zach Jansen
Information Security Officer
Calvin College
Phone: 616.526.6776
Fax: 616.526.8550

On 5/13/2009 at 1:24 PM, in message <200905131224.13916.carn0048 () umn edu>,

Megan Carney <carn0048 () UMN EDU> wrote:

I echo all the concerns already mentioned, but there are cases where your 
hands are tied.  Windows updates as well as some other software are 
akamaized, 
meaning IP-based restrictions aren't possible without opening a very wide 
hole.

In those cases, DNS seems to be the better choice.

Current thread:

Re: firewall holes for particular machines, (continued)
- Re: firewall holes for particular machines Chris Schenk (May 13)
- Re: firewall holes for particular machines Brian Kaye (May 13)
- Re: firewall holes for particular machines Di Fabio, Andrea (May 13)
- Re: firewall holes for particular machines F.M. Taylor (May 13)
- Re: firewall holes for particular machines Kevin Wilcox (May 13)
- Re: firewall holes for particular machines Chris Green (May 13)
- Re: firewall holes for particular machines David Gillett (May 13)
- Re: firewall holes for particular machines Gary Flynn (May 13)
- Re: firewall holes for particular machines Megan Carney (May 13)
- Re: firewall holes for particular machines leo song (May 14)
- Re: firewall holes for particular machines Zach Jansen (May 14)
- Re: firewall holes for particular machines Kevin Wilcox (May 14)
- Re: firewall holes for particular machines Megan Carney (May 14)
- Re: firewall holes for particular machines Jason Frisvold (May 15)