Re: Firewall
Manu Heirbaut wrote:
>
> * Adam William Lydick (awlydick@bulldog.unca.edu) wrote:
> > That said, I use a hub out of my dorm (and ip aliasing, which is neat
> > stuff) and don't really have any problems. I also don't have a serious
> > firewall setup, if I did, I'd probably use a dual (or probably 3-NIC)
> > setup.
>
> What advantage would a 3-NIC setup have over a dual setup ?
> I'm sorry if this is a dumb question, but I just started out on
> following these security issues because now I finally have DSL the
> need for security is not a luxury any more.
With three NICs you can have a DMZ for internet accessible
servers that is totally separate from your local systems network.
This way you can set more restrictive firewall rules for the
machines in the DMZ. I use a DMZ for my web and DNS servers.
They have a very high level of restriction on what they are
able to do network wise. On the other hand my general use
systems are behind much less restrictive filtering rules.
For example, the machines on the DMZ segment aren't allowed
to make WEB, telnet, or ftp connections to other systems,
even my general use systems. The DMZ systems can't access
any of my general use systems except via ssh. I've also made
it really hard for them to do general scanning as most ports
are blocked from going out at the firewall.
--
| Bryan Andersen | bryan@visi.com | http://www.nerdvest.com |
| Buzzwords are like annoying little flies that deserve to be swatted. |
| -Bryan Andersen |
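
The three-zone policy described in the message above, sketched as an nftables forward chain. This is an added example, not the poster's ruleset: the interface names `wan0`, `dmz0` and `lan0`, the published ports, and the choice to let the DMZ send DNS queries out are all assumptions.

```nft
#!/usr/sbin/nft -f
# Added example: 3-NIC firewall with a DMZ. Not the poster's own rules.
flush ruleset

define WAN = "wan0"   # assumed name: DSL uplink
define DMZ = "dmz0"   # assumed name: web and DNS servers
define LAN = "lan0"   # assumed name: general use systems

table inet filter {
    chain forward {
        # Default deny: anything not matched below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed in the first place.
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the published services (web, DNS).
        iifname $WAN oifname $DMZ tcp dport { 53, 80 } accept
        iifname $WAN oifname $DMZ udp dport 53 accept

        # LAN -> Internet and DMZ: the less restrictive zone.
        iifname $LAN oifname { $WAN, $DMZ } accept

        # DMZ -> LAN: ssh is the only path toward general use systems.
        iifname $DMZ oifname $LAN tcp dport 22 accept

        # DMZ -> Internet: DNS only (assumption, so the DNS server can
        # resolve). Outbound web, telnet, ftp and port scans from a
        # compromised DMZ host fall through to the drop policy.
        iifname $DMZ oifname $WAN tcp dport 53 accept
        iifname $DMZ oifname $WAN udp dport 53 accept

        # Record what the DMZ tried to do before the policy drops it.
        iifname $DMZ limit rate 10/minute log prefix "dmz-drop: "
    }
}
```

Traffic addressed to the firewall host itself is handled by an input chain, which this sketch leaves out.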