LINUX.IE, website of the Irish Linux Users' Group
[ILUG] Mail-Server


Conor Wynne mariconor at gmail.com
Thu Apr 30 13:52:10 IST 2009


Conor Daly wrote:
> On Thu, Apr 30, 2009 at 12:49:05PM +0100 or so it is rumoured hereabouts, 
> Conor Wynne thought:
>   
>> Frank Murphy (Frankly3D) wrote:
>>     
>>> On 30/04/09 11:13, Conor Daly wrote:
>>>
>>>       
>>>> I use a separate internet-facing mail server at home in a de-militarised
>>>> zone (DMZ) off the firewall rather than allowing a connection directly
>>>> into my home server from the net.
>>>>         
>>> There is a dmz setting in the netgear
>>>       
>
> This is of no use (I think) unless it routes to a separate ethernet port which is
> not allowed access to the LAN.
>
>   
>>> Email gets from that into the home
>>>       
>>>> network by pull rather than push so the internet-facing server has no
>>>> way
>>>> of getting into the home network by itself.
>>>>         
>>> and this is secure\safe
>>>       
>> There is no such thing as secure\safe on an internet facing machine.
>> Everything can be hacked given enough time.
>> A DMZ will provide some security, but if hacked, then you're foobarred.
>> The attacker no longer even requires making inbound connections,
>>     
>
> How do you mean?  In my case, the firewall allows no connections from DMZ
> to LAN.  Any traffic between them originates from within the LAN.  If my
> DMZ machine is cracked, it will suffer but my LAN shouldn't.
>   

I read this the other day on el reg:
http://www.theregister.co.uk/2009/04/24/most_dangerous_exploits/

"If the bad guy can get control of one of your DMZ machines, he doesn't
need to make inbound connections there anymore," Skoudis said during a
panel at the RSA security conference. "Instead, he can make outbound
connections that effectively give him inbound access on your internal
network."

I'm not a security "expert", but I know enough to get me in (and hopefully
out) of trouble ;-0
For a home setup, is a DMZ really necessary? That is what I was
referring to.

If going down the DMZ route, you still need to heavily secure it, only
allowing absolutely required services, and locking them down.
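
An added example, not part of the original message or thread: an nftables forward policy for the three-legged layout discussed above, where the LAN pulls mail from the DMZ host, the DMZ can never open a connection into the LAN, and DMZ egress is cut down to the services a mail relay needs. The interface names (wan0, lan0, dmz0), the address 192.168.2.10, and the choice of IMAPS for the pull are assumptions; NAT rules are left out.

```nft
#!/usr/sbin/nft -f
# Constructed example: forward filtering on a firewall with WAN, LAN and DMZ legs.
# Interface names and the mail host address are placeholders.

define WAN  = "wan0"
define LAN  = "lan0"
define DMZ  = "dmz0"
define MAIL = 192.168.2.10

# Create-then-delete so the file can be reloaded without duplicating rules.
table inet dmz_demo
delete table inet dmz_demo

table inet dmz_demo {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that an earlier rule already allowed.
        ct state established,related accept
        ct state invalid drop

        # Pull: only the LAN initiates, and only to the mail host over IMAPS.
        iifname $LAN oifname $DMZ ip daddr $MAIL tcp dport 993 accept
        iifname $LAN oifname $WAN accept

        # Push from the Internet stops at the DMZ host (SMTP only).
        iifname $WAN oifname $DMZ ip daddr $MAIL tcp dport 25 accept

        # DMZ egress: outbound SMTP and DNS, nothing else.
        iifname $DMZ oifname $WAN ip saddr $MAIL tcp dport 25 accept
        iifname $DMZ oifname $WAN ip saddr $MAIL udp dport 53 accept
        iifname $DMZ oifname $WAN ip saddr $MAIL tcp dport 53 accept

        # A DMZ host trying to open a connection into the LAN is an alert, not noise.
        iifname $DMZ oifname $LAN log prefix "DMZ->LAN blocked: " drop
        # Unexpected outbound traffic from the DMZ is logged before the drop.
        iifname $DMZ log prefix "DMZ egress blocked: " drop
    }

    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        iifname $LAN tcp dport 22 accept      # management from the LAN only
        iifname $DMZ log prefix "DMZ->fw blocked: " drop
    }
}
```

Because the established/related rule only matches flows that an accept rule admitted, the DMZ host can answer the LAN's IMAPS session but cannot start one of its own, and the two log prefixes give a cheap signal that the DMZ machine is behaving unlike a mail relay.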



