Micronet Mail Archive: RE: Re: [Security] Newest Symantic Securi

From: Blaine Isbelle <bisbelle_at_berkeley.edu>
Date: Wed May 11 2005 - 06:06:13 PDT

If IP address restrictions are not sufficient to allow access to email
relays, how can they be sufficient to allow access through firewalls?

Thanks,

Blaine Isbelle
Systems Administrator
Central Computing Services
University of California
(510) 642-8495 FAX: (510) 643-5384

-----Original Message-----
From: owner-ucb-security@lists.berkeley.edu
[mailto:owner-ucb-security@lists.berkeley.edu] On Behalf Of Ryan L. Means
Sent: Tuesday, May 10, 2005 1:42 PM
To: Tom Holub
Cc: ucb-security@lists.berkeley.edu; micronet-list@listlink.berkeley.edu
Subject: Re: [Micronet] Re: [Security] Newest Symantic Security Software

Tom,

CISC did approve changes to the implementation guide that required holes for
the SNS scanners as part of a "correct configuration". Note that the
language of the standard specifies that the firewall configuration must be
configured according to the implementing guidelines. My revision of this
page has not been posted to the SNS site yet, but these changes were
approved 4-5 months ago. However, I assume that we'll be discussing this at
our next meeting anyway, so maybe it won't make it up there at all.

Ryan

On 5/10/2005 7:50 AM, Tom Holub wrote:

> On Tue, May 10, 2005 at 12:36:49AM -0700, Ryan L. Means wrote:
>
>>However, when CISC talked about allowing SNS to scan through
>>host-based firewalls, I believe that we did weigh the risks. There
>>were people on both sides of the issue, but maybe the right arguments
>>weren't made. The standards are designed to be flexible...
>
>
> As far as I recall, CISC didn't decide to require holes for SNS's
> scanning.
>

--
Ryan L. Means
Chief Technical Officer
School of Law (Boalt Hall)
University of California, Berkeley
-------------------------------------
Sent via the ucb-security mailing list.

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.

application/x-pkcs7-signature attachment: smime.p7s

Received on Wed May 11 06:10:47 2005

This archive was generated by hypermail 2.1.8 : Wed May 11 2005 - 06:10:49 PDT

RE: Re: [Security] Newest Symantic Security Software