Highest Voted 'firewalls' Questions - IT Security Stack Exchange

125

votes

5 answers

Is it a bad idea for a firewall to block ICMP?

This question was inspired by this answer which states in part: The generic firewall manifest file finishes off by dropping everything I didn't otherwise allow (besides ICMP. Don't turn off ICMP). But, is it truly a good practice for a firewall to…

network firewalls icmp

asked Oct 17 '12 at 01:57

Justin Ethier

1,938
3
14
20

123

votes

5 answers

Should SSL be terminated at a load balancer?

When hosting a cluster of web application servers it’s common to have a reverse proxy (HAProxy, Nginx, F5, etc.) in between the cluster and the public internet to load balance traffic among app servers. In order to perform deep packet inspection,…

tls network firewalls

asked Feb 06 '13 at 19:55

Matt Goforth

1,233
2
9
5

101

votes

5 answers

Someone is trying to brute-force(?) my private mail server... very... slowly... and with changing IPs

This has been going on for about 1-2 days now: heinzi@guybrush:~$ less /var/log/mail.log | grep '^Nov 27 .* postfix/submission.* warning' [...] Nov 27 03:36:16 guybrush postfix/submission/smtpd[7523]: warning: hostname bd676a3d.virtua.com.br does…

attacks firewalls brute-force

asked Nov 27 '17 at 07:22

Heinzi

2,914
2
21
25

90

votes

10 answers

Why do people tell me not to use VLANs for security?

I have a network, where a have a couple of VLANS. There is a firewall between the 2 VLANs. I am using HP Procurve switches and have made sure that switch-to-switch links accept tagged frames only and that host ports don't accept tagged frames (They…

network firewalls vlans

asked Jan 10 '11 at 08:47

jtnire

1,001
1
8
3

79

votes

5 answers

What techniques do advanced firewalls use to protect againt DoS/DDoS?

It is hard to protect a server against Denial of Service attacks, DoS/DDoS. The two simple ways I can think of is to use a server with much resources (e.g. CPU and memory), and to build the server application to scale-up very well. Other protection…

attack-prevention network firewalls ddos

asked Nov 12 '10 at 00:28

Jonas

5,063
7
32
35

75

votes

8 answers

If we are behind a firewall, do we still need to patch/fix vulnerabilities?

I have recently joined a security focused community in my organisation. Many of our products are deployed in the intranet (on-premise) nothing in the public cloud. So, the internal portals can be accessed within the organisation's network…

firewalls patching

asked Nov 20 '17 at 08:39

Rakesh N

851
1
6
6

71

votes

12 answers

Why block outgoing network traffic with a firewall?

In terms of a home network, is there any reason to set up a router firewall so that all outgoing ports are blocked, and then open specific ports for things such as HTTP, HTTPS, etc. Given that every computer on the network is trusted, surely the…

network firewalls hardening

asked Nov 21 '12 at 12:17

Alex McCloy

813
1
7
5

68

votes

7 answers

With IPv6 do we need to use NAT any more?

I'm wondering how to use NAT with IPv6. Seems that you don't even need it any more. So what exactly is the concept behind firewall configurations in IPv6 environments?

network firewalls ip ipv6 nat

asked Oct 18 '13 at 17:40

JaafarMehrez

799
1
6
5

67

votes

5 answers

Advised to block all traffic to/from specific IP addresses

My CFO received an email from a director at a financial institution advising that all traffic (inbound and outbound) from certain IP addresses should be blocked at the firewall. The director at the financial institution was advised by his IT…

firewalls social-engineering

asked Sep 10 '18 at 14:43

upsidedowncreature

761
1
5
7

63

votes

8 answers

How do you explain to experts that a database server should not reside in the DMZ?

Our security experts, database administrators, network team and infrastructure team are all saying it's OK to have the database server located in the DMZ along with the HTTP server and middle-ware server. Their reason: If the database server is…

firewalls databases architecture dmz

asked Nov 27 '14 at 11:32

bruce bana

633
1
5
7

50

votes

7 answers

How to bypass tcpwrapped with nmap scan

I ran a scan with nmap -n -vv -A x.x.x.x --min-parallelism=50 --max-parallelism=150 -PN -T2 -oA x.x.x.x With the following result: Host is up (0.032s latency). Scanned at 2012-10-25 16:06:38 AST for 856s PORT STATE SERVICE VERSION 1/tcp …

firewalls nmap

asked Oct 30 '12 at 23:43

KING SABRI

675
1
5
6

45

votes

7 answers

Port Knocking is it a good idea?

Normally for a server I like to lock down SSH and other non-public service to only be accessible by certain IP addresses. However this is not always practical if the business doesn’t have static IP addresses or if outside developers need access. I…

network firewalls port-knocking

asked Dec 16 '10 at 17:22

Mark Davidson

9,367
6
43
61

41

votes

8 answers

Are two firewalls better than one?

Let's say that our first firewall has some vulnerability and a malicious person is able to exploit it. If there's a second firewall after it, he/she should be able to stop the attack, right? Also, what will be the side-effects? I mean, would this…

firewalls

asked Jul 01 '14 at 16:40

user3395407

609
1
5
8

41

votes

6 answers

Difference between IDS and IPS and Firewall

The differences between an IDS and a firewall are that the latter prevents malicious traffic, whereas the IDS: Passive IDS: the IDS only reports that there was an intrusion. Active IDS: the IDS also takes actions against the issue to fix it or at…

firewalls ids

asked Nov 04 '13 at 23:10

The Illusive Man

10,487
16
56
88

37

votes

4 answers

Is there any meaning in only allowing port 80 and 443 today?

It's become standard fare for security minded organisations to block everything other than 80 and 443. As a result, more and more applications (other than web browsers) are learning to use these ports for their needs too. Naturally malicious…

network firewalls ports

asked Dec 23 '14 at 18:38

Milind R

479
1
4
5

Questions tagged [firewalls]