Re: How to select the firewall

From: Khayman (khayman-nopigbottom@bigfoot.com)
Date: 05/30/02


From: "Khayman" <khayman-nopigbottom@bigfoot.com>
Date: Thu, 30 May 2002 11:28:25 GMT


> "Khayman" <khayman-nopigbottom@bigfoot.com> wrote in message
> news:rckJ8.40789$n4.9110426@newsc.telia.net...
> >
> > "Home" <myself20010615@yahoo.com> wrote in message
> > news:A1RI8.4859$Ed1.1102638@news20.bellglobal.com...
> > > Hi, all
> > > We are going to set up a small business system with a web server (Apache
> > > Tomcat) providing the Internet access, a file server used as the storage and
> > > an application server (Weblogic or WebSphere) for the developments. We want
> > > to put the web server in DMZ and the file and application servers behind the
> > > firewall. The current main concerns are the pricing and functionality. We
> > > may not want to buy the hardware to provide the firewall functionality. At
> > > this moment, we are only interested in the software solutions. Any comments
> > > and recommendations regarding the best layout and firewall software for the
> > > system will be greatly appreciated.
> > >
> >
> > You said you didn't want to buy a solution, but please consider that
> > anyway - a software solution (esp. running on Windows) with a "personal
> > firewall" protecting your business interests is not that good of a
> > solution...
> >
> > Please take a look at www.bbiagent.net and consider buying the cheapest
> > little second-hand Pentium box you can find, put in two network cards and
> > you're off - it's Linux but it's so easy to set up that there's no excuse not
> > doing so...
> > (there are other solutions similar, but bbiagent is really simple to set up)
> >
> > How to set it up?
> > I'd recommend two bbiagents (they won't cost you too much anyways) - one
> > protecting/routing your DMZ, only allowing traffic on certain ports, say 80
> > and 443 perhaps, the other protecting/routing for your private network's
> > access to the internet.
> > Put the DMZ on a separate IP segment from your private network and you will
> > have the standard solution for a DMZ.
> >
> > Good luck,
> >
> > Khay.
> >

"Duane Arnold" <darnold92@Insightbb.com> wrote in message
news:GZmJ8.116322$L76.198208@rwcrnsc53...
> I am starting to look at the Linux thing just to see what it can do. I will
> say this about BID. It is not some BS personal firewall for the desktop like
> ZA, Tiny, Outpost, etc., etc. Linux may be a viable solution, but BID is
> too.
>

Ok, I'm not saying anything bad against BID, never tried it so criticising
it would be quite silly....
The reasons I would prefer an outside firewall are many, just consider
this - if there's some error while starting up your server, let's say some
obscure service can't start and BID (or similar software firewall) fails to
start - then you're in cases a sitting duck.....

What an external firewall in most cases cannot do is to check that outgoing
traffic is not coming from trojan.exe - there's a place where a software
model would be helpful...
You can always go both ways.....

Khay.
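
The layout discussed in this thread (an outer firewall that forwards only ports 80 and 443 to the DMZ, and that should not leave things open if it fails to start), sketched as an added example; it is not part of the original posts and is not bbiagent's own configuration. It assumes a Linux box with iptables, eth0 facing the Internet, eth1 facing the DMZ, and a web server at the documentation address 192.0.2.10.

```shell
#!/bin/sh
# Added example: outer (DMZ) firewall ruleset. Interface names and the
# 192.0.2.10 web server address are assumptions, not values from the thread.

# Print an iptables-restore ruleset: drop by default, forward only the listed
# TCP ports to the web server, and let replies to accepted connections pass.
# With FORWARD at DROP, the DMZ host cannot open connections of its own.
dmz_ruleset() {
    wan_if=$1 dmz_if=$2 web_ip=$3 ports=$4
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $wan_if -o $dmz_if -p tcp -d $web_ip -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Load the rules, and turn routing on only if the load succeeded, so a failed
# start leaves the box forwarding nothing instead of forwarding everything.
apply_fail_closed() {
    sysctl -w net.ipv4.ip_forward=0 >/dev/null || return 1
    dmz_ruleset "$@" | iptables-restore || return 1
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
}

# Count the rules that accept NEW connections (the exposed surface).
count_new_accepts() {
    dmz_ruleset "$@" | grep -c -- '--ctstate NEW -j ACCEPT'
}

if [ "${1:-}" = "--apply" ]; then   # needs root
    apply_fail_closed eth0 eth1 192.0.2.10 80,443
else
    dmz_ruleset eth0 eth1 192.0.2.10 80,443
fi
```

Run without arguments, the script only prints the ruleset; piping that output to `iptables-restore --test` parses it without committing anything.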


