FW: securing a network with nfs
From: Dave Vehrs (davev@spiremedia.com)Date: 08/10/01
- Previous message: Brian Cervenka: "FW: SYN Flooding (fwd)"
- Maybe in reply to: David Johnson: "securing a network with nfs"
- Next in thread: Corey Steele: "Re: securing a network with nfs"
- Next in thread: Mogens Valentin: "Re: securing a network with nfs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Dave Vehrs" <davev@spiremedia.com> To: <focus-linux@securityfocus.org> Subject: FW: securing a network with nfs Date: Fri, 10 Aug 2001 13:48:27 -0600 Message-ID: <000801c121d5$6d58c790$9701010a@spiremedia.com>
It sounds like you are trying to reinvent the DMZ.
Place all externally accessible systems into the DMZ, then instruct the
firewall to only allow traffic from the DMZ hosts to the NFS server on
specific ports/services. Additionally, this keeps your "public" servers
behind the firewall too, so you can limit access to them to only required
services (i.e. http on the web server, pop3/smtp on the mail server. etc.)
Like this:
DMZ Internal Network
------- ------------
| Mail |---- | NFS Server |
------- | ------------
| |
------- ----- ---------- ----------------
| Other |--| HUB |-| Firewall |-| Inside Network |
------- ----- ---------- ----------------
| |
------- | |
| Web |---- |
------- |
--------------
| Outside World |
---------------
This is fairly easy to do with Linux or *BSD, and I would recommend taking a
look at:
Linux Firewalls by R. Ziegler
or
Building Linux and BSD Firewalls by ??
Enjoy!
Dave V.
- Previous message: Brian Cervenka: "FW: SYN Flooding (fwd)"
- Maybe in reply to: David Johnson: "securing a network with nfs"
- Next in thread: Corey Steele: "Re: securing a network with nfs"
- Next in thread: Mogens Valentin: "Re: securing a network with nfs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
