Move that system to the DMZ outside the firewall and network, lockdown the
services it has opened to the public, consider it a sacrificial lamb, with
backup images stored for replay. Harden it further with the same tools
you use for your primary firewall. And then only allow connections from
within to it to retrieve what you need. Do not allow it to do it's own
connects inside.
Thanks,
Ron DuFresne
On Fri, 13 Jul 2001, William Bartholomew wrote:
> I have a network with a permanent dial-up connection which I have firewalled
> with a Linux box using IP Chains, Psionic Logcheck, Portsentry and Snort.
> But one of my machines inside the network has an ADSL connection for large
> downloads etc., can anyone recommend a personal firewall package that I can
> install on that machine to protect both it and the other machines inside the
> network?
>
> Kind Regards
> William Bartholomew
> Internet Developer
> Orli-TECH
> www.orlitech.com.au
> "Your Innovative e-Business Partner"
> Phone: (07) 3292 0222
> Fax: (07) 3292 0221
> Mobile: 0418 199 661
> ***************************
> This electronic communication (including any attached files) may contain
> confidential and/or legally privileged information and is only intended for
> the
> viewing purposes of the person to whom it is addressed. If you are not the
> intended
> recipient, you do not have permission to read, use, disseminate, distribute,
>
> copy or retain any part of this communication or its attachments in any
> form.
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
