This is probably the best advice so far, IMO. Setup your firewall (using
whatever you decide) having it connected to the Internet as little as
possible until basic security is established. Then put it in place between
your home network and DSL connection. Rebuild all your systems from scratch
one at a time with all others that are not rebuilt disconnected or turned
off (especially any Linux box that hasn't been properly secured). Assume
all of you current machines are unsafe. Sounds like paranoia, but a little
more effort and planning upfront goes a long way. It doesn't do you any
good to put in a firewall if you already have a compromised box behind it.
I agree with the recommendation of the "Building Internet Firewalls" book as
well as the "Building Linux and OpenBSD Firewalls" book (if you go the
Linux/OpenBSD route). I haven't read the latter book, but I have friends
that are new to Linux/UNIX and found it very helpful. Some of the info is a
bit dated, but overall good from my quick perusal.
Personally, I'd go with OpenBSD myself.
HTH,
Mike
> And, of course, unless win2k has a new updated IIS, well, then make sure
> you redo that box at the least, and most likely the exchange server all
> from sc4ratch, as since they are currently unprotected, are likely to be
> compromised already. No unprotected machines should EVER be put on the
> internet.
>
> > Try OpenBSD - www.openbsd.org
> >
> > It comes with IPFilter - for more details on IPFilter , look at
> http://coombs.anu.edu.au/~avalon
> >
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
