[Fwbuilder-discussion] Should FW have DNS name?
From: Ross, J. B. <jus...@nm...> - 2006-06-10 04:54:24
The one issue I can see with having a firewall in DNS (and accessed via a name) is that potentially your DNS/SMB server could be cache poisoned or otherwise manipulated and the "bad guy" could set up a mimic of your server and capture authentication attempts; of course strong authorization/encryption defenses would likely thwart such an attempt, but there are many people who still use telnet/weak passwords to manage their devices (or http to manage their firewalls). Using a name over an IP address does add more risk, albeit small.

JR

________________________________
From: wiqd [mailto:wi...@co...]
Sent: Friday, June 09, 2006 13:13
To: fir...@se...; fwb...@li...
Subject: Re: [Fwbuilder-discussion] Should FW have DNS name?

Bill Smith wrote:

What I meant was, does it not make it easier for the hacker? If fqdn is not assigned, it takes the hacker longer to hack.

Bill

ted creedon <tcr...@ea...> <mailto:tcr...@ea...> wrote:

My firewall has a dns name + dhcp address. Works fine. There is a shell script that Linux runs when the dhcp address changes.

tedc

________________________________
From: fwb...@li... [mailto:fwb...@li...] On Behalf Of Bill Smith
Sent: Friday, June 09, 2006 3:43 AM
To: Firewall@SecuriryFocus; fwb...@li...
Subject: [Fwbuilder-discussion] Should FW have DNS name?

Hi Folks,

Should FW have DNS name? If it does, what is the implication?

Plz comment.

Bill

Having an A record pointing a name to your firewall's IP address is not going to help any hacker do anything except perhaps remember where your firewall is on the internet, especially if you have a dynamic IP address. It's not going to give anyone any elevated privilege through your firewall into your network, or directly /to/ your firewall. Just don't give it a name that has any relation to versions or types of firewall software that you are running. firewall.company.com would do no harm....

regards,
Greg