Re: Replaced NT 4 Server with Linux
From: Alfonso (lighthere_xxx@libero.it)
Date: 03/20/03
- Next message: ecu: "NETOPIA R910 and freeswan"
- Previous message: Sed: "another ptrace exploit"
- In reply to: Khayman: "Re: Replaced NT 4 Server with Linux"
- Next in thread: Khayman: "Re: Replaced NT 4 Server with Linux"
- Reply: Khayman: "Re: Replaced NT 4 Server with Linux"
From: "Alfonso" <lighthere_xxx@libero.it> Date: Thu, 20 Mar 2003 18:02:35 +0100
"Khayman" <khayman_psp@yaho.se> wrote in message
news:Xns9344A7895ADBEkhaymanpspyahose@217.209.241.185...
> >> (eth2: ->DMZ)
> > I have to install another ethernet card (right?)
> Well, if you want a DMZ setup, yes.
Maybe later, when I am more confident with Linux.
My future intention is to connect this LAN to a remote LAN via HDSL on the
Cisco, both with the same configuration I'm doing now with your help.
> Well, the main idea is limitation - a firewall should have as little as
> possible on it, in order to limit the risks of it. Also, if you have a
> server with all kinds of important goodies on it, being able to block it
> off by a second line of defense (the Linux firewall machine you don't
> have/want) can only be good... Defense should be in depth.
> > If you trust your Cisco router, then fine.
... you got the problem :). I cannot control the Cisco; it is remotely
administered by my ISP.
Until now it hasn't given me problems, but I want more control over it, over
what passes through my ADSL connection.
> The manuals you have read about a second interface are all about setting
> up a dedicated linux machine as a firewall/router sitting behind your
> router and keeping track of connections, running IDS's, etc - your Cisco
> router does pretty much the same work, but in a somewhat limited way.
Yes, all the clients are seen outside with the Cisco dynamic public IPs.
> But since you said that you were not happy with your clients all
> accessing the internet directly through the router (as you have it right
> now), this would be one way to increase your level...
You got it.
> Building safe networks is more or less an art - many companies do like
> you have it right now, just a router protecting them - and guess what,
> Cisco routers *can* be cracked/bypassed/tricked.
I read that, but my ISP should fix it... but I cannot verify it.
> That's when your own
> firewall box hopefully keeps your server safe and alerts you that
> something made a boo-boo..
I think that if someone wants to break into my system he should probe it
(scan it, do non-standard things, etc.),
and if I can set the box up well with a full and working log system I could
stop it or at least try to stop it (I hope).
> There is an enormous amount of information on the web on how to do this,
> from the top of my head I would recommend the firewall instructions at
> http://www.shorewall.net/.
The Mandrake distro already installs Shorewall, but I'm approaching the
problem by reading about IPTABLES (ex IPCHAINS).
Should I start directly with Shorewall?
>
> Khay.
Thanks a lot for your help.
Your advice is always welcome.
Lighthere