Date: Fri, 10 Aug 2001 14:33:45 +0200 (CEST)
From: Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
To: freebsd-security@freebsd.org
Subject: Re: Separate firewall or not...OOPS no subject sorry!
Message-ID: <Pine.BSF.4.21.0108101425490.63404-100000@lhotse.zaraska.dhs.org>
In-Reply-To: <20010810031430.S3889@gnjilux.cc.fer.hr>

On Fri, 10 Aug 2001, Ivan Krstic wrote:

> On Fri, Aug 10, 2001 at 10:47:49AM +1000, Keith Spencer wrote:
> > Should I build a separate perimeter firewall machine
> > with only that on it...restrict/remove compilers etc
> > (how do I do that?) and have the router/dns/web/mail
> > server inside the perimeter.
>
> This would be the most desired solution, if you have the resources to spare for
> a separate firewall machine. If this machine would serve no other purpose
> besides being a firewall, just about any old box (PI) will do for SOHOs.

Also see Chapman, "Building Internet Firewalls". There's some good stuff
about firewall design itself. Specifically, they recommend building a
perimeter network, moving all services there, and placing all other
machines on the internal network. So if a server is compromised, there's
still a firewall between the attacker and the internal network.