Re: Stripped out system for browsing

From: John Elsbury (johne@snospam.sovereign.co.nz)
Date: 11/29/02

• Next message: Rohit Dhawan: "Looking at the typed password"
• Previous message: JayMore: "Re: How to do HTTP authentification "digest" method ?"
• In reply to: craig: "Stripped out system for browsing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: johne@snospam.sovereign.co.nz (John Elsbury)
Date: Thu, 28 Nov 2002 23:15:11 GMT

On 28 Nov 2002 12:15:09 -0800, craig.athome@virgin.net (craig) wrote:

>Hi Security folks,
>
>Hope you don't mind me drawing on your vast knowledge again. You've
>never failed me yet! At work we are going to set up a physically
>seperate network (from our main LAN) for web browsing.
>
>I would like to use severely minimized systems for this - no
>unneccesary applications or functionality. Anyone know of a good
>resource covering such an approach, or have any advice ? I'm not much
>of a Linux user yet, although I'm trying to find time to be! but I was
>thinking Linux might be a good bet.
>
>Any advice gratefully recievied...

Why bother? If there is an air gap between this network and your LAN
then who cares if the PCs get trashed - just make Ghost images before
you deploy them and then, if they get a virus (or whatever), then
rebuild from scratch.

You still want to have them inside a firewall, though, so that if any
gets compromised - say, somebody sets up a mail relay on one of them -
then you don't go blasting out spam from your IP range - this will get
you into all sorts of strife. Just allow http and nntp traffic
through for surfing, webmail, and newsgroups.

You may want to set the PCs up without recordable media (no diskettes
or CD writers/readers, no USB ports, no parallel ports, no serial
ports) to minimise the chances of information flowing in or out, and
arriving in / being stolen from your LAN.

---

• Next message: Rohit Dhawan: "Looking at the typed password"
• Previous message: JayMore: "Re: How to do HTTP authentification "digest" method ?"
• In reply to: craig: "Stripped out system for browsing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Remote Desktop Connect to client wont work ... You say you have tried this from the server, and I assume it did not work ... I suppose that RWW and VPN have ports open and forwarded to the ... LAN Server. ... If it works inside the LAN then the local PCs ... (microsoft.public.windows.server.sbs) Free-lance - office move stuff-o-rama ... Back up data on critical PCs ... I'm leaning towards setting up a Samba Server, ... Verify that LAN cable is installed. ... LAN printers are on lease. ... (Debian-User) Re: How to create a Matlab cluster with 8 PCs ... How do I go about creating the cluster? ... My problem is I have no idea how to create a cluster first out of those PCs. ... Typically the hardware consists of a router and ethernet cables. ... Then you will need an additional cable to connect your campus LAN to ... (comp.soft-sys.matlab) Re: iptables configuration ... >> that if a 'virus/trojan' initiated a connection to the net, the firewall ... >> would not protect the LAN. ... The LAN is NATed with private IPs to one public IP. ... the ports that are used by services running on linux. ... (comp.os.linux.security) alg.exe ... ich habe ein kleines LAN mit Router, ... Ports habe ich mir leider nicht notiert (meine aber, vierstellig, evtl. ... Gegenstelle war natürlich eine WAN-Adresse (also ... 'Application Layer Gateway Service' und womit muß ich jetzt rechnen? ... (microsoft.public.de.security.netzwerk.sicherheit)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)