I just looked through the original concept. Thoughts.
1. There is no way someone can break into a debian system given you configure it right. The bastion host can do other things on the side. 2. The use of Linux should be as an advanced firewall. For example IP Defragmentation can protect from most teardrop style attacks. IP masquerading can protect your secure network completely. There is no way to access hosts on the net from the outside yet the hosts on the net have completely transparent acess to the outside. Use ipportfw you can allow access to certain ports on that secure network. Thus you can protect your legacy systems. You need to have lots of tools on the "bastion" in order to do effective packet filtering, logging of violations etc. -- E-mail the word "unsubscribe" to [EMAIL PROTECTED] TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? e-mail to [EMAIL PROTECTED] .
