On Wed, Feb 21, 2001 at 12:50:54PM +0000 or so it is rumoured hereabouts,
Dave Airlie thought:
>> Firewall/dialup box should always be a separate box from the
> web/mail/samba servers... 486 should be good enough for most FW tasks...
>> I'm not saying you can't secure everything on one box.. but it is a
> nightmare... last place I did this I use a 486DX33 to route mail and
> firewall, and an internal server to the processing mail/samba etc..
>> Dave.
>I go with the 486 firewall solution also. BTW, I had this idea of making
the firewall box as untrusted as possible on the rest of the network as an
extra layer of security (ie. if the firewall cannot telnet to any other
box on the LAN it cannot do much and so on.). The idea being that if the
firewall is compromised, the rest of the network is inaccessible from it
anyhow. Or am I just dreaming? All the other boxen look to this as their
gateway and internet router.
--
Conor Daly <conor.daly at oceanfree.net>
Domestic Sysadmin :-)
---------------------
faenor.cod.ie
8:12pm up 121 days, 2:40, 0 users, load average: 0.00, 0.02, 0.00
Hobbiton.cod.ie
8:18pm up 26 days, 10:07, 1 user, load average: 0.00, 0.00, 0.00
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
