DMZ Design and Functionality

From: Dana Rawson (absolutezero273c_at_nzoomail.com)
Date: 08/18/03

    Date: 18 Aug 2003 19:52:40 -0000
    To: security-basics@securityfocus.com
    
    

    Forgive me if these questions are too basic but I am relatively new to
    this. I am the network administrator at my company and over the past year
    have become aware of a need for increased security. I have been reading
    posts here in hopes of learning more about this. While I have learned
    considerable amounts, and have searched for answers elsewhere, I am still
    in need of guidance. Any help or direction would be greatly appreciated.
    I am open to reading any books that one might recommend. I have seen a
    few books out there but not sure which are worthwhile.

    Anyway, my background information is this:
    I wanted to install a DMZ at 2 of my company's locations. I do have a
    limited budget so I was planning on using OpenBSD for my first tier
    firewall. I do have a hardware based firewall in place currently which I
    was planning on using as my second tier firewall.
    My initial plan is to build a machine using OpenBSD that does nothing but
    firewall. Additionally, I wanted to add another machine to run
    Sendmail/SpamAssassin and an anti-virus software. On this I was hoping
    to run Redhat as this is what I am most knowledgeable on. My thought
    behind this was to block spam, of course, and also run a gateway anti-
    virus solution that would block viruses coming from websites and
    employees' personal e-mail accounts. This is due to the fact that I have
    seen a number of viruses coming in from either their 'webmail' or through
    their Outlook Express. I wish to set up an ftp server and webserver to
    facilitate OWA. Additionally I would like to make available VPNs and
    encrypt all data transmitted over remote connections. Remote connections
    may consist of a MS RAS and Citrix.

    With this information my questions are:

    1. To begin, does this sound like an acceptable solution?
    2. How do I size the machine that I am going to run OpenBSD? I have read
    that a DMZ will slow performance down some. If I have a fast enough
    machine will it aid performance? At what point is it overkill when running
    OpenBSD?
    3. How do I size the machine that will be running Redhat, Sendmail and
    SpamAssassin? Is this configuration acceptable? Should the Anti-virus
    software be running on a separate machine?
    4. What open source options do I have for encryption and VPNs?
    5. Are there any potential problems running this configuration? Does
    everything mentioned here play nice together? Would you change anything
    here and if so why?

    Many thanks in advance.

    Dana
