Unfortunately I do not have spare machines I could use as firewalls, and the
terms and conditions with the Telco disallow sharing the ADSL over a
network...

Kind Regards 
William Bartholomew 
Internet Developer
Orli-TECH 
www.orlitech.com.au 
"Your Innovative e-Business Partner" 
Phone:  (07)  3292 0222 
Fax:      (07)  3292 0221 
Mobile:  0418 199 661

-----Original Message-----
From: Eric Johnson [mailto:[EMAIL PROTECTED]]
Sent: Friday, 13 July 2001 9:24 AM
To: Ron DuFresne; William Bartholomew
Cc: '[EMAIL PROTECTED]'
Subject: Re: Personal Firewalls


At 05:58 PM 7/12/2001 -0500, Ron DuFresne wrote:

>Move that system to the DMZ outside the firewall and network, lockdown the
>services it has opened to the public, consider it a sacrificial lamb, with
>backup images stored for replay.  Harden it further with the same tools
>you use for your primary firewall.  And then only allow connections from
>within to it to retrieve what you need.  Do not allow it to do its own
>connects inside.
>
>Thanks,
>
>Ron DuFresne
>
>On Fri, 13 Jul 2001, William Bartholomew wrote:
>
> > I have a network with a permanent dial-up connection which I have firewalled
> > with a Linux box using IP Chains, Psionic Logcheck, Portsentry and Snort.
> > But one of my machines inside the network has an ADSL connection for large
> > downloads etc., can anyone recommend a personal firewall package that I can
> > install on that machine to protect both it and the other machines inside the
> > network?

Would it be better to put it out on the DMZ or to run two DMZs?

I'd think it would be better to run two firewalls.  Something like:

  Router/Firewall
      |
    DMZ
      |
  Firewall ----  ADSL machine -- Router/Firewall -- ADSL
      |
  Internal Network

That way, if a computer in your regular DMZ was compromised, the ADSL machine
would be protected by the company firewall and vice versa.

Furthermore, very restricted access rules could be set down at the firewalls
for access to the ADSL machine.  For example, the Router/Firewall on the ADSL
side should probably block all incoming traffic.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
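
The access rules discussed in the thread (connections allowed from inside to the ADSL machine, none initiated by it toward the inside, and all incoming traffic blocked at the ADSL-side router/firewall), sketched as an added example that is not part of the original messages. It uses iptables with connection tracking rather than the IP Chains setup mentioned above; every interface name and address is a constructed assumption, and the script only prints the rules for review.

```shell
#!/bin/sh
# Added example, not from the thread: prints iptables rules for review.
# All interface names and addresses below are constructed assumptions.
INT_IF=eth0                # inner firewall: internal network side
SEG_IF=eth1                # inner firewall: side facing the ADSL machine
INT_NET=192.168.1.0/24     # internal network
ADSL_HOST=192.168.2.10     # the ADSL machine
WAN_IF=ppp0                # ADSL router/firewall: link to the provider
LAN_IF=eth0                # ADSL router/firewall: side facing the ADSL machine

# Inner firewall: inside may connect to the ADSL machine, never the reverse.
inner_firewall_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INT_IF -o $SEG_IF -s $INT_NET -d $ADSL_HOST -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $SEG_IF -o $INT_IF -j LOG --log-prefix "adsl-to-int drop: "
iptables -A FORWARD -i $SEG_IF -o $INT_IF -j DROP
EOF
}

# ADSL-side router/firewall: nothing new comes in from the provider link;
# only replies to connections the ADSL machine opened are let back through.
adsl_router_rules() {
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $ADSL_HOST -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $WAN_IF -j LOG --log-prefix "adsl-wan drop: "
iptables -A FORWARD -i $WAN_IF -j DROP
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
}

# Usage: ./rules.sh inner   or   ./rules.sh adsl   (prints, does not apply)
case "${1:-}" in
    inner) inner_firewall_rules ;;
    adsl)  adsl_router_rules ;;
esac
```

"Block all incoming" here means blocking new inbound connections; the ESTABLISHED,RELATED rules are what let replies to outbound downloads return.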
