bastion

To: Henry Hollenberg <speed@barney.iamerica.net>
Cc: debian-firewall@lists.debian.org
Subject: bastion
From: Christoph Lameter <christoph@lameter.com>
Date: Wed, 4 Mar 1998 08:58:12 -0800 (PST)
Message-id: <[🔎] Pine.LNX.3.96.980304085346.9752A-100000@lameter.com>
In-reply-to: <[🔎] Pine.LNX.3.95.980304082641.1682J-100000@barney.iamerica.net>

I just looked through the original concept.

Thoughts.

1. There is no way someone can break into a debian system given you
configure it right. The bastion host can do other things on the side.

2. The use of Linux should be as an advanced firewall.

For example IP Defragmentation can protect from most teardrop style
attacks. IP masquerading can protect your secure network completely. There
is no way to access hosts on the net from the outside yet the hosts on the
net have completely transparent acess to the outside. Use ipportfw you can
allow access to certain ports on that secure network.

Thus you can protect your legacy systems. You need to have lots of tools
on the "bastion" in order to do effective packet filtering, logging of
violations etc.



--
E-mail the word "unsubscribe" to debian-firewall-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble?  e-mail to listmaster@debian.org .

Reply to:

Follow-Ups:
- Re: bastion
  - From: Henry Hollenberg <speed@barney.iamerica.net>

References:
- Re: last call on these packages before they are "cut"
  - From: Henry Hollenberg <speed@barney.iamerica.net>

Prev by Date: ?-able packages for a firewall.
Next by Date: Re: bastion
Previous by thread: Re: last call on these packages before they are "cut"
Next by thread: Re: bastion
Index(es):
- Date
- Thread