I just looked through the original concept.


1. There is no way someone can break into a Debian system provided you
configure it right. The bastion host can do other things on the side.

2. The use of Linux should be as an advanced firewall.

For example, IP defragmentation can protect from most teardrop-style
attacks. IP masquerading can protect your secure network completely. There
is no way to access hosts on the net from the outside, yet the hosts on the
net have completely transparent access to the outside. Using ipportfw you can
allow access to certain ports on that secure network.

Thus you can protect your legacy systems. You need to have lots of tools
on the "bastion" in order to do effective packet filtering, logging of
violations, etc.
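The bastion configuration described above, written out as an added example
that is not part of the original message: it uses the netfilter (iptables)
tooling of later kernels rather than the ipfwadm/ipchains and ipportfw of the
time, so the commands differ but the design is the same: masquerade the
inside network so it has transparent outbound access, forward nothing inbound
by default, publish single ports explicitly, and log what gets dropped.
Fragment reassembly before filtering, which the post relies on against
teardrop-style packets, is done by connection tracking on these kernels and
needs no separate knob. The interface names, the 192.168.1.0/24 network and
the 192.168.1.10 web server are assumptions for the example, not the
author's.

```shell
#!/bin/sh
# Added example, not code from the original post. Emits the iptables rules for
# a masquerading bastion: transparent outbound access for the inside network,
# no inbound forwarding except explicitly published ports (the netfilter
# equivalent of ipportfw), and logging of dropped traffic. Interfaces and
# addresses are hypothetical defaults; override them in the environment.
set -eu

EXT_IF=${EXT_IF:-eth0}                # outside interface (assumed)
INT_IF=${INT_IF:-eth1}                # inside interface (assumed)
INT_NET=${INT_NET:-192.168.1.0/24}    # secured network (assumed)

# Rules every masquerading bastion needs, one command per line.
base_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $INT_IF -s $INT_NET -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "FW-INVALID: "
iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXT_IF -s $INT_NET -j MASQUERADE
EOF
}

# Publish one internal service: portfw_rules PROTO PORT INTERNAL_HOST
# Prints nothing and returns 1 on a bad protocol or port, so a typo in the
# ruleset never silently becomes an open hole.
portfw_rules() {
  proto=$1; port=$2; host=$3
  case "$proto" in tcp|udp) ;; *) return 1 ;; esac
  case "$port" in *[!0-9]*|"") return 1 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
  cat <<EOF
iptables -t nat -A PREROUTING -i $EXT_IF -p $proto --dport $port -j DNAT --to-destination $host:$port
iptables -A FORWARD -i $EXT_IF -o $INT_IF -p $proto -d $host --dport $port -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Catch-all: log whatever reaches the end of FORWARD before the DROP policy.
# Must come after the published ports, or accepted traffic is logged as denied.
final_rules() {
  echo 'iptables -A FORWARD -j LOG --log-prefix "FW-DENY: "'
}

# Full ruleset for the example site: only the web server is reachable from outside.
ruleset() {
  base_rules
  portfw_rules tcp 80 192.168.1.10
  final_rules
}

# Apply only when explicitly asked and running as root; otherwise just print.
if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
  ruleset | sh -e
else
  ruleset
fi
```

Run it without arguments to review the generated rules; APPLY=1 as root
installs them. The FORWARD chain defaults to DROP, so anything not
masqueraded outbound, part of an established flow, or explicitly published
through portfw_rules is logged with the FW-DENY prefix and discarded.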

