* This is the modus mailing list * We use the Cisco IOS firewall feature set in our Cisco routers http://www.cisco.com/warp/public/cc/pd/iosw/ioft/iofwft/index.shtml
This allows to open only the ports that are necessary for operation. As a web hosting company with over 800 servers, firewall protect is a absolute must. We are using 10 Cisco routers in various configurations We actually restrict access to certain ports for each server. i.e. a web server will only have open ftp, www, https for inbound connections A suggestion for sql server - since we rent dedicated sql servers, we use an alternate port (1443 is always closed in the firewall) and restrict that port to only allow the client IP address to access. The IOS feature set also has http. ftp, etc dynamic ACL's. This resolves teh FTP problem with just using extended ACL's This has worked great for us and we have never been attacked, but have blocked many attacks The basic rule is close EVERYTHING unless it is needed Jeff ----- Original Message ----- From: "Cary Fitch" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, February 08, 2004 08:28 Subject: [Modus] Firewall and Security * This is the modus mailing list * One of the things we are about to do is move our SQL Server to a private address. Since the only machines that need to talk to it are: Mail Server, Radius Server(s), Web Server (Rodopi), that are on our network, it should be able to be on private (non publicly routeable) addresses, and visable only to our own net, thus protecting it from much "ill will". Those machines will have public and private addresses, but the SQL Server would have only a private address. Other firewalling is also in progress. Cary Fitch Attend Peering Conference for ISP's, April 23-24, 2004, Dallas Texas Full info: http://www.peercon.org ----- Original Message ----- From: "Globalnet" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, February 08, 2004 10:16 AM Subject: [Modus] Firewall and Security > * This is the modus mailing list * > > We are looking for some info as in regards to security. > > We have been approached by a security advisor that recommends we place our > network behind a hardware firewall such as the Sonicwall Pro 230 > > > Our concerns is how does this effect the network, etc in the since as one > whom is a ISP, which all the various servers, network issues, etc, > Bandwidth? Just about every aspect? > > Basically here we are in the blind, we want to secure all of our servers, > Especially our sql nt machine running rodopi, mail server, running > Modusmail, and Web servers, and FTP Servers, and Radius Servers > > Is hardware the best to go or what does one recommend in this issue? > > Any insight here would be appreciated. > > > ** > To unsubscribe, send an Email to: [EMAIL PROTECTED] > with the word "UNSUBSCRIBE" in the body or subject line. ** To unsubscribe, send an Email to: [EMAIL PROTECTED] with the word "UNSUBSCRIBE" in the body or subject line. ** To unsubscribe, send an Email to: [EMAIL PROTECTED] with the word "UNSUBSCRIBE" in the body or subject line.
