From owner-freebsd-security Sat Apr 7 7:57:54 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailgate.kechara.net (mailgate.kechara.net [62.49.139.2])
    by hub.freebsd.org (Postfix) with ESMTP id D78B937B43F
    for ; Sat, 7 Apr 2001 07:57:48 -0700 (PDT)
    (envelope-from lee@kechara.net)
Received: from area57 (lan-fw.kechara.net [62.49.139.3])
    by mailgate.kechara.net (8.9.3/8.9.3) with SMTP id RAA18117
    for ; Sat, 7 Apr 2001 17:10:51 +0100
Message-Id: <200104071610.RAA18117@mailgate.kechara.net>
Date: Sat, 07 Apr 2001 16:00:40 +0100
To: freebsd-security@freebsd.org
From: Lee Smallbone
Subject: Theory Question
Reply-To: lee@kechara.net
Organization: Kechara Internet
X-Mailer: Opera 5.02 build 856a
X-Priority: 3 (Normal)
Mime-Version: 1.0
Content-Type: multipart/mixed;; boundary="_OPERAB__-snRvxGpQZy4mJNr+rjvg5d"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi there,

I have a theory that I'd like to run past you guys if I may.

We have an IDS watching over our network, and currently it logs to itself, and has a publicly accessible IP address. Now what I want to do is get it to also log to a second machine, privately addressed, and remove the public IP address from the IDS, and use the private machine to run stats on and so forth.

The primary concern is security. I am of the belief that a machine with no IP address cannot be 'hacked' (externally), is this true in the real world?

The setup would look a little like this. (my apologies to those of you who do not have fixed-width fonts. See attachment if they're allowed here)

     /------\
    /Internet\-----[router]-------[switch]----[various servers]
   /          \                   |      |
   ------------                   |      |
                                  |      |
                                [IDS]    |
                                  |      [firewall]
                                  |               |
                                  |               |
                                  |               |
                                   \             [switch]
                                    \           /        \
                                     \         /          \
                                      \       /            \
                                       \     /              \
                                        \   /          [internal lan]
                                         \ /             192.168.1.x
                                     [IDS Log 2]
                                     192.168.1.x

Would the direct link to the Internal network pose a threat to the rest of the Internal Lan?
Bearing in mind the IDS wouldn't have an IP address?

Any input appreciated.

-- 
Lee Smallbone
Kechara Internet
lee@kechara.net
www.kechara.net
Tel: (01243) 869 969
Fax: (01243) 866 685