This is true (creating your firewall op/sys), and has been done as well...
Best Regards, Donald Kelloway
http://www.commodon.com
-----Original Message-----
From: Mikael Olsson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Sunday, June 20, 1999 2:24 AM
Subject: Re: Why not FireWall-1 on NT?
>
>Yes, you are right, this would make it much more secure.
>
>But if you're going through all the trouble of rolling your
>own IP stack, why bother with running it under NT in the first place,
>when you could just as easily run it on your own miniature operating
>system? That way you'd save $$$ for your customers who won't have
>to buy NT (or any other OS for that matter).
>
>Besides, I like that solution better anyhow, since it keeps
>nitwit admins with a low IT budget from installing 3rd party
>software on the firewall itself. :-)
>
>Regards,
>Mike
>
>Don Kelloway wrote:
>>
>> What you're speaking of, is unfortunately an issue where the firewall runs
>> on top of MS's IP stack. However, if one were to do the following:
>>
>> 1. Install NT4 as a "stand-alone" server, no IIS, no add-on optional
>> applications (not even calculator)
>> 2. Install the 2nd NIC and ensure that it works. Ensure that "IP forwarding"
>> is not enabled.
>> 3. Apply SP3 (min). Reboot
>> 4. Apply your favorite reg hacks to tighten it further.
>> 5. Go to Network Properties and "unbind" the 2nd NIC. Reboot
>> 6. Go back to Network Properties | Protocols and remove all but the TCP/IP
>> protocol.
>> 7. Click TCP/IP protocol, don't use WINS, don't use LMHOSTS, don't use DNS.
>> 8. Then go to the Services tab, remove all of them. This includes
>> Workstation, Server, all of it. Reboot
>> 9. Then go to Control Panel | Services and set the Startup option for
>> everything 'cept Event Log, Plug and Play, and RPC to "disabled". Reboot
>> 10. Install a firewall, one that binds its own IP stack to the external
>> NIC.
>>
>> The end-result? A pretty darned secure installation, if you ask me...
>>
>> Best Regards, Donald Kelloway
>> http://www.commodon.com
>>
>
>--
>Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
>Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
>WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>