[Techtalk] DMZs, etc.

Michelle Murrain tech at murrain.net
Tue Dec 11 15:51:52 EST 2001


At 02:05 PM 12/11/2001, jhamilto at n2h2.com wrote:
>Security is made up of more than just 'is your box broken into?'. In
>fact, setting up a 'secure' system includes more factors than you may
>realize. For instance, you should account for the fact that your servers
>are not in a very 'secure' place, your office. You should definitely
>look for another room, as jenny v mentioned, that can be locked at all
>times. You should also account for environmental failures that can
>threaten your computer equipment, like backup power plans in case of
>electricity failure, or how you would recover the data in case of a
>fire. Hopefully you have already set up a backup scheme for your file
>server and any other important data, system configurations, and
>installations. If you are really interested in setting up a secure site,
>I recommend the book White-Hat Security Arsenal: Tackling the Threats,
>which will open your eyes to threats and vulnerabilities that you've
>never thought of before.

Well, actually, they are very secure. My office is in my home. And there's 
me, my partner the non-geek, and the cats. I am thinking of buying an alarm 
system, actually. I've been thinking a bit about off site backups, and will 
probably begin to use a net-based service for critical files, but honestly, 
if my house burned down, I'd be thinking about a lot more than my data. :-( 
Luckily, I am a religious backer-uper, and use tape drives.

Thanks for the book recommendation. I've been reading Maximum Security, 
which is also a good book.

>If you are only wanting to set up NFS for a CVS repository, I'd
>recommend sharing code to CVS remotely from all users instead of using
>NFS. Not only for security reasons, but also for CVS management.

I'm pretty new to CVS, and I expect as I learn more, I'll find better ways 
of managing things. I am beginning to shy away from NFS. I just wanted an 
easy way to share data from my development box to the server that holds 
everything, and backs everything up, etc.

>If you are willing to spend up to $500 on a fast, easy, and scalable
>firewall (and router, NAT, DHCP server) there are some small-office
>solutions. One example is Watchguard's SOHO firewall, which can probably be
>found on Ebay for a couple hundred. Retail price from the web site
>(http://www.watchguard.com/products/soho.html) is about $400. I've used
>this at home and it's really easy to set up. It offers a lot of firewall
>features that you are looking for, and it would only take a couple of
>hours to set up.
>
>I don't know what kind of business you run, but scalability and ease of
>use are sometimes worth the money to pay for a solution that comes 'out
>of the box'. Remember to factor in time and resources as well as price
>when deciding on a solution for a business environment.

I have a very simple solo consulting practice, primarily web application 
programming and strategic technology planning, and it's me myself and I and 
a few colleagues I work with formally or informally. No employees. Half of 
the reason I'm doing all of this is because I get to learn how to set this 
stuff up. If I were into total efficiency, then I'd probably go with an 
appliance. But I love Linux, and love to learn about all this stuff - and 
here's yet another chance to get my feet wet (well, OK, soaked).

I like the one box firewall idea (whether I go with SmoothWall, or something 
else). It reduces my box count by one, which is really all I wanted. I had 
actually thought about that - 3 nic cards in a box, but I figured that 
wouldn't work. But I guess I was wrong. Great! I may roll my own solution, 
because I might like to add some customized software, and I haven't figured 
out yet how hard that is to do with SmoothWall.

.Michelle

---------------------------------------
Michelle Murrain, Ph.D.
tech at murrain.net
AIM:pearlbear0
http://www.murrain.net/ for pgp public key




