
Re: Firewall



Manu Heirbaut wrote:
> 
> * Adam William Lydick (awlydick@bulldog.unca.edu) wrote:
> > That said, I use a hub out of my dorm (and ip aliasing, which is neat
> > stuff) and don't really have any problems. I also don't have a serious
> > firewall setup, if I did, I'd probably use a dual (or probably 3-NIC)
> > setup.
> 
> What advantage would a 3-NIC setup have over a dual setup?
> I'm sorry if this is a dumb question, but I just started out on
> following these security issues because now I finally have DSL the
> need for security is not a luxury any more.

With three NICs you can have a DMZ for internet accessible 
servers that is totally separate from your local systems network.  
This way you can set more restrictive firewall rules for the 
machines in the DMZ.  I use a DMZ for my web and DNS servers.  
They have a very high level of restriction on what they are 
able to do network-wise.  On the other hand my general use 
systems are behind much less restrictive filtering rules.  
For example, the machines on the DMZ segment aren't allowed 
to make web, telnet, or ftp connections to other systems, 
even my general use systems.  The DMZ systems can't access 
any of my general use systems except via ssh.  I've also made 
it really hard for them to do general scanning as most ports
are blocked from going out at the firewall.


-- 
|  Bryan Andersen   |   bryan@visi.com   |   http://www.nerdvest.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen                                                    |
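
The three-zone policy described in the reply above, modelled as a first-match rule table with default deny so the stated restrictions can be checked. This is an added example, not part of the original post or the poster's ruleset. The zone names, the inbound ports for the web and DNS servers, the outbound DNS rule and the open LAN rules are assumptions.

```python
# Added example: zone-to-zone forwarding policy for a three-NIC firewall.
# Zone names ("wan", "dmz", "lan") and the accepted services are assumptions.
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    src: str              # source zone, or "*" for any
    dst: str              # destination zone, or "*" for any
    proto: str            # "tcp", "udp" or "*"
    dport: Optional[int]  # destination port, None means any
    action: str           # "accept" or "drop"


# First match wins; unmatched traffic is dropped (default deny).
# Only new connections are modelled; replies to accepted flows are
# assumed to be passed by stateful connection tracking.
POLICY = [
    # Internet -> DMZ: only the published web and DNS services.
    Rule("wan", "dmz", "tcp", 80, "accept"),
    Rule("wan", "dmz", "udp", 53, "accept"),
    Rule("wan", "dmz", "tcp", 53, "accept"),
    # DMZ -> LAN: ssh only, as the post describes.
    Rule("dmz", "lan", "tcp", 22, "accept"),
    # DMZ -> anywhere: web, telnet and ftp are refused explicitly.
    Rule("dmz", "*", "tcp", 80, "drop"),
    Rule("dmz", "*", "tcp", 23, "drop"),
    Rule("dmz", "*", "tcp", 21, "drop"),
    # Assumption: the DNS server may query upstream resolvers.
    Rule("dmz", "wan", "udp", 53, "accept"),
    # Assumption: general use systems get the less restrictive rules.
    Rule("lan", "wan", "*", None, "accept"),
    Rule("lan", "dmz", "*", None, "accept"),
]


def decide(src, dst, proto, dport, policy=POLICY):
    """Return the action for a new connection crossing the firewall."""
    for r in policy:
        if (r.src in ("*", src) and r.dst in ("*", dst)
                and r.proto in ("*", proto) and r.dport in (None, dport)):
            return r.action
    return "drop"


def dmz_reachable_lan_ports(policy=POLICY, ports=range(1, 1025)):
    """TCP ports on the LAN that a DMZ host is able to connect to."""
    return [p for p in ports if decide("dmz", "lan", "tcp", p, policy) == "accept"]
```

Running `dmz_reachable_lan_ports()` after each rule change shows at a glance whether the DMZ-to-LAN path has widened beyond ssh.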


