Date: Tue, 17 Sep 1996 17:34:24 -0400
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
To: neil@corpex.com (Neil)
Cc: freebsd-questions@FreeBSD.org
Subject: Re: Firewalling with IPFW
Message-ID: <199609172134.RAA00617@goffette.research.megasoft.com>
In-Reply-To: <m0v1Ez9-0000ScC@corpex.com>
References: <m0v1Ez9-0000ScC@corpex.com>

>>>>> "Neil" == Neil <neil@corpex.com> writes:

Neil> We are interested in running a firewall for a single machine,
Neil> and would obviously like to minimize the amount of hardware we
Neil> are using.

When building firewalls, don't prune down the number of components too much. If you're going to be using FreeBSD as your packet filter, make sure that you've got a packet filtering router (or another very well locked down FreeBSD machine) out in front of it.

Having a single point of security failure is a naughty, naughty thing in the context of firewalls. Be sure to design your system such that several "impossible" things will need to happen before an attacker is able to get into your network.

See Ches & Bellovin's _Firewalls_and_Internet_Security_, and/or Chapman and Zwicky's _Building_Internet_Firewalls_ for details on the (lack of) wisdom in putting all of your eggs in one proverbial basket.

-- 
C Matthew Curtin  MEGASOFT, INC  Chief Scientist
I speak only for myself.  Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
cmcurtin@research.megasoft.com  http://research.megasoft.com/people/cmcurtin/