I will agree 100% with Ron. Aside from being an administrative nightmare,
it may not be cost effective. Depending on how many $50.00 to $100.00
solutions you need to purchase, it may make more sense to get a modem bank
and protect that with something like SecureLogix "Telewall"
(www.securelogix.com).
This will create a single point of administration and/or choke point (in the
security world a great point to cut all access in the event of a breach),
thusly increasing your security by allowing you full and direct control of
the policy.
Just my 10 cents.
MD
-----Original Message-----
From: Ron DuFresne [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 04, 2000 9:39 PM
To: Bill Lavalette noc/sec Administrator
Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Subject: RE: I need help
This is an administrative and user education nightmare, even in a
smaller setting. A single point of entry/exit that can be administered is
the key here.
Thanks,
Ron DuFresne
On Fri, 4 Feb 2000, Bill Lavalette noc/sec Administrator wrote:
> Val -
>
> here are some good solid ideas for a situation like yours... and not to
> start the OS wars, Unix/MS, the OS is as secure as the experience
> administering it.
> for NT low budget dialup solution www.signal9.com; if you want to catch the
> person use blackice www.netice.com; these are low budget solutions to dialup
> access nets, this will buy you the time to learn about linux firewalls and
> higher end MS Solutions such as realsecure, NT security OS level tweaks
> remove the everyone share on all of your machines; you will find that these
> shares are easy prey for legion attacks. do a good antivirus scan for bo2k
> and netbus. make sure your machines are not sending out a message that they
> are infected; sub-7 does this. netstat -a is a handy tool to look at
> suspected machines. if money and budget are an issue use an old 486 + Linux
> to do your firewalling; 64 to 128 megs of ram will be plenty to handle most
> attacks. there are also dual 56k routers you can use so that your network
> isn't open ended, meaning each machine has its own modem. there are a ton of
> small apps out there that are low budget that may help..... if money is not
> an issue, let's say you have 20 machines, if each has a 19.95 dialup account
> you can get a 256k or 512k DSL line put in that for the same amount
> monthly, that in itself will save you headaches. use NAT and 75% of your
> troubles go away.
>
> hope this helps
>
> Bill Lavalette
> Network Security Administrator
> Network Disaster Recovery Systems
> Dallas Texas NOC
> http://www.ndrs.com
> [EMAIL PROTECTED]
> PH 817.652.3882
> FAX 817.652.3882
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, February 04, 2000 1:07 PM
> To: [EMAIL PROTECTED]
> Subject: I need help
>
> I'm a young sys admin working for a small company.
> My job, as it says above, is to provide a reliable and secure network for
> the company. That's what I thought I was doing until some as.. broke into
> the network.
> The company network is not connected to the internet. E-mail and Web
> browsing are done by using an ISP.
> Besides security features that Windows NT 4.0 offers, is there any other way
> to protect my network by implementing some sort of a FireWall that I can
> install on every PC that is configured to dial-out? I'm looking for any
> solution that will protect my network and help me catch the as.... that
> broke into the network.
>
> I'm up for any recommendation. Thanks for your time.
>
> Val
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.