[Techtalk] DMZs, etc.

Lemanski, Lahoma J. LJLemanski at mail.ifas.ufl.edu
Tue Dec 11 09:41:45 EST 2001


I set up a hardware firewall last night that has all the functionality you
could possibly hope for. It is a linux kernel based firewall, and uses an
old box.
All you need is three NICs (if you want to set up a DMZ server farm; for
the easiest setup, NICs made by different manufacturers would be best), 16
megs of RAM, a cdrom drive, an old hard drive (I used a WD 420 MB disk), an
old video card and keyboard, and a monitor (the monitor is only needed during the
initial setup). If your old machine has issues with booting from the cdrom,
you can make a boot disk from an image provided with the install disk. It is
remotely configurable from a web browser, acts as a dhcp server and caching
dns server, and can also set up dyndns for your webservers/ftp servers if
necessary. You can download the iso from www.smoothwall.org. I highly
recommend it. They are currently working to produce a product that can use
solid-state memory instead of a hard drive, and if you want to make a
donation to their paypal account it may help them with their development. I
have tested the integrity of this product (with the help of a friend who
also runs a smoothwall) and even the most aggressive and sneaky scanning
tactics produced no results. Also, the web administration interface is
really beautiful, with easy configuration, and really great help and
documentation are available.
Good Luck,
Lahoma 

-----Original Message-----
From: Michelle Murrain [mailto:tech at murrain.net]
Sent: Monday, December 10, 2001 3:39 PM
To: techtalk at linuxchix.org
Subject: Re: [Techtalk] DMZs, etc.


At 03:02 PM 12/10/2001, you wrote:
>Just a spot of theory here:
>
>The reason for putting servers in a DMZ and having a separate zone for
>internal boxes is that servers run extra software and have extra ports
>open. This makes them more vulnerable than workstations.
>
>NOT having a firewall between the servers and the workstations makes the
>workstations (and the local traffic) almost as vulnerable as the
>servers. This is usually considered A Bad Thing - at least in commercial
>situations.

OK, it sounds like it makes the most sense to set up the DMZ, and live with 
the extra heat and cost. I just wish that someone would come up with really 
cheap (<$500) linux-based network appliances that don't take much 
electricity, or generate much heat. Anyone heard of such a thing?

.Michelle

---------------------------------------
Michelle Murrain, Ph.D.
tech at murrain.net
AIM:pearlbear0
http://www.murrain.net/ for pgp public key

