[Gllug] Help Needed for windows to linux migration

Andre Newman gllug at dinkum.org.uk
Mon Oct 20 18:32:58 UTC 2003


>> 1) what type of firewall is recommended?

<snip>

> Your 2 networks - LAN and DMZ - should run on different IP ranges and be
> routed through a dedicated firewall box with 3 interfaces:

I was just about to say just the same: if your mail server/DNS box gets
rooted, you really don't want the evil skript kiddieZ running around on the
internal network. The extra layer of security between the DMZ and the
internal network is a second barrier to attackers, hopefully containing
them for long enough for someone to notice and kick them out.

Good security is like Ogres and onions; it has layers.

If it were me doing it I'd have three boxes:

A firewall, IPCop or a stripped-down Redhat install with three network cards.

A mail/DNS/other internet services box, Redhat with ONLY the services you
actually need installed. I'd probably use Debian, but Redhat is fine if you
know your way around it. This would probably be the only server on the
third (DMZ) network card.

Another Redhat server specifically for the file server/NIS/LDAP. This is
to keep files in people's home directories well away from anything to do
with the internet.


If you are not sure about how a small-scale DMZ is laid out, grab a copy of
IPCop, as their default DMZ setup is pretty reasonable and you could do
worse than copy their config as a starting point.

The DNS stuff is easy if you use IPCop, as it's configured to do DNS
names from DHCP by default; you can enter manual overrides from the
webadmin if you like.

This is sounding like an IPCop ad! I'm not involved with the project other
than using it and making the odd suggestion here and there.


Andre

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
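
The three-card layout described in the message above, written out as a forwarding policy plus a check that the DMZ cannot open connections into the LAN. This is an added example, not part of the original post or of IPCop's configuration; the interface names, the server address and the two function names are assumptions.

```shell
#!/bin/sh
# Added example; interface names and addresses are constructed assumptions.
WAN=eth0; LAN=eth1; DMZ=eth2   # the firewall's three network cards
SRV=192.168.2.10               # mail/DNS box, alone on the DMZ

# Print a filter table in iptables-restore format (NAT rules left out).
emit_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN may open connections to the Internet and to the DMZ server
-A FORWARD -i $LAN -o $WAN -j ACCEPT
-A FORWARD -i $LAN -o $DMZ -j ACCEPT
# Internet reaches only SMTP and DNS on the DMZ server
-A FORWARD -i $WAN -o $DMZ -d $SRV -p tcp -m multiport --dports 25,53 -j ACCEPT
-A FORWARD -i $WAN -o $DMZ -d $SRV -p udp --dport 53 -j ACCEPT
# DMZ server may send mail and resolve names, nothing else
-A FORWARD -i $DMZ -o $WAN -s $SRV -p tcp -m multiport --dports 25,53 -j ACCEPT
-A FORWARD -i $DMZ -o $WAN -s $SRV -p udp --dport 53 -j ACCEPT
# New connections from the DMZ into the LAN are logged, then dropped
-A FORWARD -i $DMZ -o $LAN -j LOG --log-prefix "DMZ->LAN "
-A FORWARD -i $DMZ -o $LAN -j DROP
COMMIT
EOF
}

# Read a ruleset on stdin. Succeed only if FORWARD defaults to DROP and no
# ACCEPT rule (other than the established-state rule) can carry traffic
# from the DMZ card to the LAN card, explicitly or via a missing -i / -o.
audit_dmz_isolation() {
  awk -v dmz="$DMZ" -v lan="$LAN" '
    /^:FORWARD DROP/ { policy_ok = 1 }
    /^-A FORWARD/ && /-j ACCEPT/ && !/--ctstate ESTABLISHED/ {
      in_if = ""; out_if = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-i") in_if = $(i + 1)
        if ($i == "-o") out_if = $(i + 1)
      }
      if ((in_if == dmz || in_if == "") && (out_if == lan || out_if == "")) {
        print "violation: " $0; bad = 1
      }
    }
    END { exit (policy_ok && !bad) ? 0 : 1 }'
}

emit_ruleset | audit_dmz_isolation && echo "DMZ cannot initiate connections to the LAN"
```

The audit function can also be fed the output of `iptables-save` on a running firewall once the three variables match its real interfaces.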



