Jim DeMarco
Jdemarco at hshhp.org
Fri May 23 08:44:30 CDT 2003
What about running it on another machine on my (wireless) network that's not directly connected to my DSL modem but has Internet access via that connection? Is that any safer? Jim DeMarco -----Original Message----- From: Frank Tanner III [mailto:pctech at mybellybutton.com] Sent: Friday, May 23, 2003 9:29 AM To: accessd at databaseadvisors.com Subject: RE: [AccessD] OT: DSL/IIS/Viruses Personally, I wouldn't run ANY public accessable services on my LAN. There is a MUCH safer way to do it, but it isn't super cheap. I have a custom built firewall, which I run at home. The "public" side of it connects directly to my Internet connection, in this case a 1Mbit VDSL connection. Then I have a "private" side, which connects to my LAN, and has my strict firewall rules. Only what I want gets in and out. Lastly, I have a "DMZ". This is where I place my publicly accessable machines. It is still firewalled, but not as stringently as the LAN side, since the public needs to hit it. Even in this DMZ I only let through the ports I absolutely need to. Such as 80 & 443 for Web, 25 & 110 for e-mail, etc. My LAN is also firewalled from my DMZ in this configuration except for what's absolutely needed. In this confugiration, unless I specifically open an e-mail with a virus attached, or something silly like that, I'm about as safe as one can get from "the big bad Internet". The worst that can happen is that there is an exploit for one of my publicly accessable boxes and they get compromised. My LAN is still safe. As a side note, my firewall, web server, and e-mail server are all running Linix or FreeBSD. This makes them less succeptable to all of the more common attacks that the "script kiddies" like to use. About 80% of the attacks and defacements on publicly accessable servers are done by "script kiddies". An added benifit is that IIS specific exploits have no affect other than to fill my logs, which archive and rotate off daily. Is this a bit excessive, since I don't run a business out of my home? Yeah, it is. But there's no such thing as too much security. --- John Frederick <j.frederick at att.net> wrote: > Yes, it is necessary. When I started doing .asp on > the same machine I used > to dial-up to get email, I got, over some period of > time, about a dozen > different viruses, some of which propagated through > my lan to other > machines. If you can't block the access from the > net to your machines, you > need to either use a firewall or disconnect the pws > machine from the lan. > > P.S.: If you put firewalls, such as Norton or McAfee > on your machines, you > can ask to be warned and have a change to say ok or > no when a program tries > to access another machine or the net. You'll be > amazed about how many > Microsoft and other vendow programs do so for no > reason related to your > current operation in progress. If you're not > already paranoid, that will > make you so. > > -----Original Message----- > From: accessd-bounces at databaseadvisors.com > [mailto:accessd-bounces at databaseadvisors.com]On > Behalf Of Jim DeMarco > Sent: Friday, May 23, 2003 8:03 AM > To: AccessD (E-mail) > Subject: [AccessD] OT: DSL/IIS/Viruses > > > List, > > A while back I got a DSL connection on my home > office PC which I > occasionally use for web development using Personal > Web Server (Win 9x/ME > version of IIS). I was advised by our staff network > person NOT to run PWS > after the DSL was up because I'd be succeptable to > attacks and viruses. > Does anyone know if this is true? I have not run > PWS in a couple of months > and have been using a disconnected laptop to write > ASP code but I'm > wondering if this is necessary. Would I need to > install a firewall if I > want to run PWS? > > Thanks, > > Jim DeMarco > > > **************************************************************************** > ******* > "This electronic message is intended to be for the > use only of the named > recipient, and may contain information from Hudson > Health Plan (HHP) that is > confidential or privileged. If you are not the > intended recipient, you are > hereby notified that any disclosure, copying, > distribution or use of the > contents of this message is strictly prohibited. If > you have received this > message in error or are not the named recipient, > please notify us > immediately, either by contacting the sender at the > electronic mail address > noted above or calling HHP at (914) 631-1611. If you > are not the intended > recipient, please do not forward this email to > anyone, and delete and > destroy all copies of this message. Thank You". > **************************************************************************** > ******* > > _______________________________________________ > AccessD mailing list > AccessD at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/accessd > Website: http://www.databaseadvisors.com > > > _______________________________________________ > AccessD mailing list > AccessD at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/accessd > Website: http://www.databaseadvisors.com _______________________________________________ AccessD mailing list AccessD at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/accessd Website: http://www.databaseadvisors.com *********************************************************************************** "This electronic message is intended to be for the use only of the named recipient, and may contain information from Hudson Health Plan (HHP) that is confidential or privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this message in error or are not the named recipient, please notify us immediately, either by contacting the sender at the electronic mail address noted above or calling HHP at (914) 631-1611. If you are not the intended recipient, please do not forward this email to anyone, and delete and destroy all copies of this message. Thank You". ***********************************************************************************