[Techtalk] DMZs, etc.
jennyw
jennyw at dangerousideas.com
Mon Dec 10 19:15:32 EST 2001
The the servers are all Linux, you could just have firewall software on all
of them if won't slow them down (it doesn't sound like it if you're only on
a fractiona T-1). You could then get away with a single firewall for your
internal network (if the number of boxes is the primary concern).
I've asked about building low-cost firewalls on this list and elsewhere.
Here are some free software packages that can be run off of cheap (<$150
since it doesn't seem like performance will be a huge deal) computers; some
do not require a hard drive:
http://smoothwall.org/
http://www.devil-linux.com/
http://www.embsd.org
http://www.zelow.no/floppyfw/
http://www.sentryfirewall.com/
http://www.opensourcefirewall.com/index.html
http://www.suse.com/us/products/suse_business/firewall/ (not free)
I'm sure there are others out there ...
I have not tried any of these yet, but will try them soon.
Jen
----- Original Message -----
From: "Michelle Murrain" <tech at murrain.net>
To: <techtalk at linuxchix.org>
Sent: Monday, December 10, 2001 12:39 PM
Subject: Re: [Techtalk] DMZs, etc.
> At 03:02 PM 12/10/2001, you wrote:
> >Just a spot of theory here:
> >
> >The reason for putting servers in a DMZ and having a separate zone for
> >internal boxes is that servers run extra software and have extra ports
> >open. This makes them more vulnerable than workstations.
> >
> >NOT having a firewall between the servers and the workstations makes the
> >workstations (and the local traffic) almost as vulnerable as the
> >servers. This is usually considered A Bad Thing - at least in commercial
> >situations.
>
> OK, it sounds like it makes the most sense to set up the DMZ, and live
with
> the extra heat and cost. I just wish that someone would come up with
really
> cheap (<$500) linux-based network appliances that don't take much
> electricity, or generate much heat. Anyone heard of such a thing?
>
> .Michelle
>
> ---------------------------------------
> Michelle Murrain, Ph.D.
> tech at murrain.net
> AIM:pearlbear0
> http://www.murrain.net/ for pgp public key
More information about the Techtalk
mailing list