Installing and Administering PPP

Chapter 5 113
Security Techniques
Writing a Stanza - A Complex UDP Example
The condensed version of the rules also requires that rule (4) be modified
to permit proper operation. The modification is required because the
outbound packet has a destination port of ‘domain’, but it is neither to
nor from the IP address of the domain name server (192.168.199.11). After
removing the IP address restriction, the final set of simplified rules is:
(2) udp/dstport=domain
(5) udp/srcport=domain/dstport=1024-65535
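As an added illustration, not part of this manual or of the PPP software it describes, the following Python evaluates the two simplified rules above against a few constructed UDP packets. It parses the rule syntax exactly as printed, resolves the service name ‘domain’ to port 53 from a small inline table standing in for /etc/services, and assumes a packet passes when any rule matches. No address or direction qualifier is modeled because none appears in these two rules, which is precisely the tradeoff the text describes: a query to any name server now passes, and so does UDP traffic to port 53 from any peer.

```python
"""Toy evaluator for PPP Filter-style UDP port rules (added example, not the manual's code)."""

# Stand-in for /etc/services lookups (assumption: only 'domain' is needed here).
SERVICES = {"domain": 53}


def port_number(token):
    """Turn '53' or 'domain' into an integer port."""
    if token.isdigit():
        return int(token)
    return SERVICES[token]


def parse_port_spec(spec):
    """'domain' -> (53, 53); '1024-65535' -> (1024, 65535)."""
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return (port_number(lo), port_number(hi))
    port = port_number(spec)
    return (port, port)


def parse_rule(rule):
    """Parse 'udp/srcport=domain/dstport=1024-65535' into a protocol and port ranges."""
    proto, *qualifiers = rule.split("/")
    parsed = {"proto": proto}
    for qualifier in qualifiers:
        key, value = qualifier.split("=", 1)
        if key not in ("srcport", "dstport"):
            raise ValueError("unsupported qualifier in this toy evaluator: %s" % key)
        parsed[key] = parse_port_spec(value)
    return parsed


def rule_matches(rule, pkt):
    """A rule matches when the protocol agrees and every listed port range contains the packet's port."""
    if pkt["proto"] != rule["proto"]:
        return False
    for key in ("srcport", "dstport"):
        if key in rule:
            lo, hi = rule[key]
            if not lo <= pkt[key] <= hi:
                return False
    return True


# The final simplified rule set from the text, rules (2) and (5).
FINAL_RULES = [
    parse_rule("udp/dstport=domain"),
    parse_rule("udp/srcport=domain/dstport=1024-65535"),
]


def passes(pkt, rules=FINAL_RULES):
    """Packet passes if any rule matches (assumed semantics for this example)."""
    return any(rule_matches(rule, pkt) for rule in rules)


def make_packet(proto, src, dst, srcport, dstport):
    return {"proto": proto, "src": src, "dst": dst, "srcport": srcport, "dstport": dstport}


# Constructed sample packets; addresses are illustrative only.
QUERY_TO_OTHER_SERVER = make_packet("udp", "192.168.199.5", "10.9.9.9", 3456, 53)
REPLY_TO_EPHEMERAL = make_packet("udp", "10.9.9.9", "192.168.199.5", 53, 3456)
FROM_53_TO_SSH = make_packet("udp", "10.9.9.9", "192.168.199.5", 53, 22)
TCP_ZONE_TRANSFER = make_packet("tcp", "10.9.9.9", "192.168.199.11", 4000, 53)

if __name__ == "__main__":
    for name, pkt in [("query to any server", QUERY_TO_OTHER_SERVER),
                      ("reply to ephemeral port", REPLY_TO_EPHEMERAL),
                      ("srcport 53 to port 22", FROM_53_TO_SSH),
                      ("tcp to port 53", TCP_ZONE_TRANSFER)]:
        print("%-25s %s" % (name, "pass" if passes(pkt) else "blocked"))
```

The range qualifier in rule (5) is what keeps a remote host from reaching privileged local services simply by sending from source port 53; the fourth packet shows that these UDP rules say nothing about TCP, so a name server needing TCP (for example for large responses or zone transfers) would require rules of its own.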
Conclusion
Domain name service offers a strong example of the tradeoff between
functionality and security. It also illustrates the complexity of
maintaining security. The level of service you decide to offer should
strongly affect the rules you use, and your security policy should dictate
the level of service you offer. You should not, in general, let the desired
functionality dictate your security policy.