RE: DMZ Design and Functionality
From: David Gillett (gillettdavid_at_fhda.edu)
Date: 08/19/03
- Previous message: DeGennaro, Gregory: "RE: Best IP configuration for OpenBSD firewall/router"
- In reply to: Dana Rawson: "DMZ Design and Functionality"
- Next in thread: Meidinger Chris: "RE: DMZ Design and Functionality"
To: "'Dana Rawson'" <absolutezero273c@nzoomail.com>, <security-basics@securityfocus.com>
Date: Mon, 18 Aug 2003 15:57:10 -0700
For a beginner, you've chosen a rather advanced approach.
I think that for your anti-virus box to do what you hope,
it's going to need to be a proxy. And so what you have is
not so much a DMZ as three firewall layers between your
users and the Internet. Two (a proxy and a stateful packet
filter) is more than most civilian sites require.
David Gillett
> -----Original Message-----
> From: Dana Rawson [mailto:absolutezero273c@nzoomail.com]
> Sent: August 18, 2003 12:53
> To: security-basics@securityfocus.com
> Subject: DMZ Design and Functionality
>
> Forgive me if these questions are too basic but I am
> relatively new to this. I am the network administrator at
> my company and over the past year have become aware of a
> need for increased security. I have been reading posts here
> in hopes of learning more about this. While I have learned
> considerable amounts, and have searched for answers
> elsewhere, I am still in need of guidance. Any help or
> direction would be greatly appreciated. I am open to
> reading any books that one might recommend. I have seen a
> few books out there but not sure which are worthwhile.
> Anyway, my background information is this: I wanted to
> install a DMZ at 2 of my company's locations. I do have a
> limited budget so I was planning on using OpenBSD for my
> first tier firewall. I do have a hardware based firewall in
> place currently which I was planning on using as my second
> tier firewall. My initial plan is to build a machine using
> OpenBSD that does nothing but firewall. Additionally, I
> wanted to add another machine to run Sendmail/SpamAssassin
> and an anti-virus software. On this I was hoping to run
> Redhat as this is what I am most knowledgeable on. My
> thought behind this was to block spam, of course, and also
> run a gateway anti-virus solution that would block viruses
> coming from websites and employees' personal e-mail
> accounts. This is due to the fact that I have seen a number of
> viruses coming in from either their 'webmail' or through
> their Outlook Express. I wish to set up an ftp server and
> webserver to facilitate OWA. Additionally I would like to
> make available VPNs and encrypt all data transmitted over
> remote connections. Remote connections may consist of a MS
> RAS and Citrix. With this information my questions are:
>
> 1. To begin, does this sound like an acceptable solution?
> 2. How do I size the machine that I am going to run OpenBSD?
>    I have read that a DMZ will slow performance down some. If
>    I have a fast enough machine will it aid performance? At
>    what point is overkill when running OpenBSD.
> 3. How do I size the machine that will be running Redhat,
>    Sendmail and SpamAssassin? Is this configuration acceptable?
>    Should the Anti-virus software be running on a separate
>    machine?
> 4. What open source options do I have for encryption and VPNs?
> 5. Are there any potential problems running this
>    configuration? Does everything mentioned here play nice
>    together? Would you change anything here and if so why?
>
> Many thanks in advance. Dana
>