<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2654.45">
<TITLE>RE: [AccessD] OT: DSL/IIS/Viruses</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>If I have a router with a built-in firewall and I set up a web server for development work on my LAN behind the firewall, will I be able to access the web server sites but the outside world will not?</FONT></P>
<P><FONT SIZE=2>Jim Hale</FONT>
</P>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Frank Tanner III [<A HREF="mailto:pctech@mybellybutton.com">mailto:pctech@mybellybutton.com</A>]</FONT>
<BR><FONT SIZE=2>Sent: Friday, May 23, 2003 10:54 AM</FONT>
<BR><FONT SIZE=2>To: accessd@databaseadvisors.com</FONT>
<BR><FONT SIZE=2>Subject: RE: [AccessD] OT: DSL/IIS/Viruses</FONT>
</P>
<BR>
<P><FONT SIZE=2>Depends.</FONT>
</P>
<P><FONT SIZE=2>If you go the "firewall appliance" route, such as</FONT>
<BR><FONT SIZE=2>SonicWall, you're looking at close to a thousand bucks</FONT>
<BR><FONT SIZE=2>(the last time I checked). If you go the "I'm taking</FONT>
<BR><FONT SIZE=2>a PC, putting multiple network cards in it and making</FONT>
<BR><FONT SIZE=2>a firewall out of it." you can get away for free if</FONT>
<BR><FONT SIZE=2>you have the hardware readily available.</FONT>
</P>
<P><FONT SIZE=2>My firewall is a P3-700 PC with 256MB of RAM, an 8GB</FONT>
<BR><FONT SIZE=2>hard drive and 4 network cards. Hardware-wise this</FONT>
<BR><FONT SIZE=2>firewall is way overkill for what I need. I</FONT>
<BR><FONT SIZE=2>wouldn't recommend anything less than a P2-333 for a</FONT>
<BR><FONT SIZE=2>firewall though if you have a DSL or cablemodem based</FONT>
<BR><FONT SIZE=2>Internet connection. For an OS it's running a</FONT>
<BR><FONT SIZE=2>hardened minimalistic flavor of Red Hat Linux 8.0. </FONT>
<BR><FONT SIZE=2>I'm running the built-in IPTables firewall for all of</FONT>
<BR><FONT SIZE=2>my firewalling needs. That makes the OS and firewall</FONT>
<BR><FONT SIZE=2>free too.</FONT>
</P>
<P><FONT SIZE=2>--- Jim DeMarco &lt;Jdemarco@hshhp.org&gt; wrote:</FONT>
<BR><FONT SIZE=2>> Thanks Martin. </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> From what I'm gathering from this thread I should</FONT>
<BR><FONT SIZE=2>> look into a hardware solution (that the fact that</FONT>
<BR><FONT SIZE=2>> I'm running WinME on a P200 that's a relatively slow</FONT>
<BR><FONT SIZE=2>> performer as is). How costly might that be?</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Jim DeMarco</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> -----Original Message-----</FONT>
<BR><FONT SIZE=2>> From: Mwp.Reid@Queens-Belfast.AC.UK</FONT>
<BR><FONT SIZE=2>> [<A HREF="mailto:Mwp.Reid@Queens-Belfast.AC.UK">mailto:Mwp.Reid@Queens-Belfast.AC.UK</A>]</FONT>
<BR><FONT SIZE=2>> Sent: Friday, May 23, 2003 11:12 AM</FONT>
<BR><FONT SIZE=2>> To: accessd@databaseadvisors.com</FONT>
<BR><FONT SIZE=2>> Subject: RE: [AccessD] OT: DSL/IIS/Viruses</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Jim</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> You run a web server at home, you're always at risk of</FONT>
<BR><FONT SIZE=2>> hacking attempts. Put up a decent firewall.</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> I have IIS running on a server here but it's not</FONT>
<BR><FONT SIZE=2>> connected to the web. Doesn't matter for dev work at</FONT>
<BR><FONT SIZE=2>> all. I connect as and when I need to. Other than </FONT>
<BR><FONT SIZE=2>> that I leave the server off the modems.</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Martin</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> On May 23 2003, Jim DeMarco wrote:</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> > What about running it on another machine on my</FONT>
<BR><FONT SIZE=2>> > (wireless) network that's not directly connected</FONT>
<BR><FONT SIZE=2>> > to my DSL modem but has Internet access via that</FONT>
<BR><FONT SIZE=2>> > connection? Is that any safer?</FONT>
<BR><FONT SIZE=2>> > </FONT>
<BR><FONT SIZE=2>> > Jim DeMarco</FONT>
<BR><FONT SIZE=2>> > </FONT>
<BR><FONT SIZE=2>> > </FONT>
<BR><FONT SIZE=2>> > -----Original Message-----</FONT>
<BR><FONT SIZE=2>> > From: Frank Tanner III</FONT>
<BR><FONT SIZE=2>> [<A HREF="mailto:pctech@mybellybutton.com">mailto:pctech@mybellybutton.com</A>]</FONT>
<BR><FONT SIZE=2>> > Sent: Friday, May 23, 2003 9:29 AM</FONT>
<BR><FONT SIZE=2>> > To: accessd@databaseadvisors.com</FONT>
<BR><FONT SIZE=2>> > Subject: RE: [AccessD] OT: DSL/IIS/Viruses</FONT>
<BR><FONT SIZE=2>> > </FONT>
<BR><FONT SIZE=2>> > </FONT>
<BR><FONT SIZE=2>> > Personally, I wouldn't run ANY publicly accessible</FONT>
<BR><FONT SIZE=2>> > services on my LAN. There is a MUCH safer way to</FONT>
<BR><FONT SIZE=2>> do</FONT>
<BR><FONT SIZE=2>> > it, but it isn't super cheap.</FONT>
<BR><FONT SIZE=2>> > </FONT>
<BR><FONT SIZE=2>> > I have a custom built firewall, which I run at</FONT>
<BR><FONT SIZE=2>> home. </FONT>
<BR><FONT SIZE=2>> > The "public" side of it connects directly to my</FONT>
<BR><FONT SIZE=2>> > Internet connection, in this case a 1Mbit VDSL</FONT>
<BR><FONT SIZE=2>> > connection. Then I have a "private" side, which</FONT>
<BR><FONT SIZE=2>> > connects to my LAN, and has my strict firewall</FONT>
<BR><FONT SIZE=2>> rules. </FONT>
<BR><FONT SIZE=2>> > Only what I want gets in and out. Lastly, I have</FONT>
<BR><FONT SIZE=2>> a</FONT>
<BR><FONT SIZE=2>> > "DMZ". This is where I place my publicly</FONT>
<BR><FONT SIZE=2>> accessible</FONT>
<BR><FONT SIZE=2>> > machines. It is still firewalled, but not as</FONT>
<BR><FONT SIZE=2>> > stringently as the LAN side, since the public</FONT>
<BR><FONT SIZE=2>> needs to</FONT>
<BR><FONT SIZE=2>> > hit it. Even in this DMZ I only let through the</FONT>
<BR><FONT SIZE=2>> ports</FONT>
<BR><FONT SIZE=2>> > I absolutely need to. Such as 80 & 443 for Web,</FONT>
<BR><FONT SIZE=2>> 25 &</FONT>
<BR><FONT SIZE=2>> > 110 for e-mail, etc. My LAN is also firewalled</FONT>
<BR><FONT SIZE=2>> from</FONT>
<BR><FONT SIZE=2>> > my DMZ in this configuration except for what's</FONT>
<BR><FONT SIZE=2>> > absolutely needed.</FONT>
<BR><FONT SIZE=2>> > </FONT>
<BR><FONT SIZE=2>> > In this configuration, unless I specifically open</FONT>
<BR><FONT SIZE=2>> an</FONT>
<BR><FONT SIZE=2>> > e-mail with a virus attached, or something silly</FONT>
<BR><FONT SIZE=2>> like</FONT>
<BR><FONT SIZE=2>> > that, I'm about as safe as one can get from "the</FONT>
<BR><FONT SIZE=2>> big</FONT>
<BR><FONT SIZE=2>> > bad Internet". The worst that can happen is that</FONT>
<BR><FONT SIZE=2>> > there is an exploit for one of my publicly</FONT>
<BR><FONT SIZE=2>> accessible</FONT>
<BR><FONT SIZE=2>> > boxes and they get compromised. My LAN is still</FONT>
<BR><FONT SIZE=2>> safe.</FONT>
<BR><FONT SIZE=2>> > </FONT>
<BR><FONT SIZE=2>> > As a side note, my firewall, web server, and</FONT>
<BR><FONT SIZE=2>> e-mail</FONT>
<BR><FONT SIZE=2>> > server are all running Linux or FreeBSD. This</FONT>
<BR><FONT SIZE=2>> makes</FONT>
<BR><FONT SIZE=2>> > them less susceptible to all of the more common</FONT>
<BR><FONT SIZE=2>> > attacks that the "script kiddies" like to use. </FONT>
<BR><FONT SIZE=2>> About</FONT>
<BR><FONT SIZE=2>> > 80% of the attacks and defacements on publicly</FONT>
<BR><FONT SIZE=2>> > accessible servers are done by "script kiddies". </FONT>
<BR><FONT SIZE=2>> An</FONT>
<BR><FONT SIZE=2>> > added benefit is that IIS specific exploits have</FONT>
<BR><FONT SIZE=2>> no</FONT>
<BR><FONT SIZE=2>> > effect other than to fill my logs, which archive</FONT>
<BR><FONT SIZE=2>> and</FONT>
<BR><FONT SIZE=2>> > rotate off daily.</FONT>
<BR><FONT SIZE=2>> > </FONT>
<BR><FONT SIZE=2>> > Is this a bit excessive, since I don't run a</FONT>
<BR><FONT SIZE=2>> business</FONT>
<BR><FONT SIZE=2>> > out of my home? Yeah, it is. But there's no such</FONT>
<BR><FONT SIZE=2>> > thing as too much security.</FONT>
<BR><FONT SIZE=2>> > </FONT>
<BR><FONT SIZE=2>> > --- John Frederick &lt;j.frederick@att.net&gt; wrote:</FONT>
<BR><FONT SIZE=2>> > > Yes, it is necessary. When I started doing .asp</FONT>
<BR><FONT SIZE=2>> on</FONT>
<BR><FONT SIZE=2>> > > the same machine I used</FONT>
<BR><FONT SIZE=2>> > > to dial-up to get email, I got, over some period</FONT>
<BR><FONT SIZE=2>> of</FONT>
<BR><FONT SIZE=2>> > > time, about a dozen</FONT>
<BR><FONT SIZE=2>> > > different viruses, some of which propagated</FONT>
<BR><FONT SIZE=2>> through</FONT>
<BR><FONT SIZE=2>> > > my lan to other</FONT>
<BR><FONT SIZE=2>> > > machines. If you can't block the access from</FONT>
<BR><FONT SIZE=2>> the</FONT>
<BR><FONT SIZE=2>> > > net to your machines, you</FONT>
<BR><FONT SIZE=2>> > > need to either use a firewall or disconnect the</FONT>
<BR><FONT SIZE=2>> pws</FONT>
<BR><FONT SIZE=2>> > > machine from the lan.</FONT>
<BR><FONT SIZE=2>> > > </FONT>
<BR><FONT SIZE=2>> > > P.S.: If you put firewalls, such as Norton or</FONT>
<BR><FONT SIZE=2>> McAfee</FONT>
<BR><FONT SIZE=2>> > > on your machines, you</FONT>
<BR><FONT SIZE=2>> > > can ask to be warned and have a chance to say ok</FONT>
<BR><FONT SIZE=2>> or</FONT>
<BR><FONT SIZE=2>> > > no when a program tries</FONT>
<BR><FONT SIZE=2>> > > to access another machine or the net. You'll be</FONT>
<BR><FONT SIZE=2>> > > amazed about how many</FONT>
<BR><FONT SIZE=2>> > > Microsoft and other vendor programs do so for no</FONT>
<BR><FONT SIZE=2>> > > reason related to your</FONT>
<BR><FONT SIZE=2>> > > current operation in progress. If you're not</FONT>
<BR><FONT SIZE=2>> > > already paranoid, that will</FONT>
<BR><FONT SIZE=2>> > > make you so.</FONT>
<BR><FONT SIZE=2>> > > </FONT>
<BR><FONT SIZE=2>> > > -----Original Message-----</FONT>
<BR><FONT SIZE=2>> > > From: accessd-bounces@databaseadvisors.com</FONT>
<BR><FONT SIZE=2>> > > [<A HREF="mailto:accessd-bounces@databaseadvisors.com">mailto:accessd-bounces@databaseadvisors.com</A>]On</FONT>
<BR><FONT SIZE=2>> > > Behalf Of Jim DeMarco</FONT>
<BR><FONT SIZE=2>> > > Sent: Friday, May 23, 2003 8:03 AM</FONT>
<BR><FONT SIZE=2>> > > To: AccessD (E-mail)</FONT>
<BR><FONT SIZE=2>> > > Subject: [AccessD] OT: DSL/IIS/Viruses</FONT>
<BR><FONT SIZE=2>> > > </FONT>
<BR><FONT SIZE=2>> > > </FONT>
<BR><FONT SIZE=2>> > > List,</FONT>
<BR><FONT SIZE=2>> > > </FONT>
<BR><FONT SIZE=2>> > > A while back I got a DSL connection on my home</FONT>
<BR><FONT SIZE=2>> > > office PC which I</FONT>
<BR><FONT SIZE=2>> > > occasionally use for web development using</FONT>
<BR><FONT SIZE=2>> Personal</FONT>
<BR><FONT SIZE=2>> > > Web Server (Win 9x/ME</FONT>
<BR><FONT SIZE=2>> > > version of IIS). I was advised by our staff</FONT>
<BR><FONT SIZE=2>> network</FONT>
<BR><FONT SIZE=2>> > > person NOT to run PWS</FONT>
<BR><FONT SIZE=2>> > > after the DSL was up because I'd be susceptible</FONT>
<BR><FONT SIZE=2>> to</FONT>
<BR><FONT SIZE=2>> > > attacks and viruses.</FONT>
<BR><FONT SIZE=2>> > > Does anyone know if this is true? I have not</FONT>
<BR><FONT SIZE=2>> run</FONT>
<BR><FONT SIZE=2>> > > PWS in a couple of months</FONT>
<BR><FONT SIZE=2>> > > and have been using a disconnected laptop to</FONT>
<BR><FONT SIZE=2>> write</FONT>
<BR><FONT SIZE=2>> > > ASP code but I'm</FONT>
<BR><FONT SIZE=2>> > > wondering if this is necessary. Would I need to</FONT>
<BR><FONT SIZE=2>> > > install a firewall if I</FONT>
<BR><FONT SIZE=2>> > > want to run PWS?</FONT>
<BR><FONT SIZE=2>> > > </FONT>
<BR><FONT SIZE=2>> > > Thanks,</FONT>
<BR><FONT SIZE=2>> > > </FONT>
<BR><FONT SIZE=2>> > > Jim DeMarco</FONT>
<BR><FONT SIZE=2>=== message truncated ===</FONT>
</P>
<P><FONT SIZE=2>_______________________________________________</FONT>
<BR><FONT SIZE=2>AccessD mailing list</FONT>
<BR><FONT SIZE=2>AccessD@databaseadvisors.com</FONT>
<BR><FONT SIZE=2><A HREF="http://databaseadvisors.com/mailman/listinfo/accessd" TARGET="_blank">http://databaseadvisors.com/mailman/listinfo/accessd</A></FONT>
<BR><FONT SIZE=2>Website: <A HREF="http://www.databaseadvisors.com" TARGET="_blank">http://www.databaseadvisors.com</A></FONT>
</P>
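<P><FONT SIZE=2>Added example, not part of the original thread and not Frank Tanner's actual rules: the public/DMZ/LAN layout he describes above, written as iptables-restore input with a default-drop FORWARD policy, plus a check (the hypothetical helper count_new_into_lan) that no rule accepts new connections forwarded into the LAN. Assumptions: the interface names eth0/eth1/eth2, unrestricted LAN-to-Internet traffic, and the conntrack match; NAT and port forwarding are left out.</FONT></P>
<PRE>
```shell
#!/bin/sh
# Added example (not from the thread): three-legged firewall as iptables-restore input.
# Interface names are assumptions; the DMZ ports are the ones named in the thread.
WAN_IF="${WAN_IF:-eth0}"   # assumed "public" side (DSL connection)
LAN_IF="${LAN_IF:-eth1}"   # assumed "private" side
DMZ_IF="${DMZ_IF:-eth2}"   # assumed DMZ side (web and mail servers)
DMZ_PORTS="${DMZ_PORTS:-80,443,25,110}"

# Print the filter table. Anything not explicitly accepted is dropped by policy,
# so Internet-to-LAN and DMZ-to-LAN connection attempts never get through.
gen_rules() {
    new='-m conntrack --ctstate NEW -j ACCEPT'
    svc="-p tcp -m multiport --dports $DMZ_PORTS"
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A FORWARD -i $WAN_IF -o $DMZ_IF $svc $new" \
        "-A FORWARD -i $LAN_IF -o $DMZ_IF $svc $new" \
        "-A FORWARD -i $LAN_IF -o $WAN_IF $new" \
        "-A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix DMZ-to-LAN:" \
        'COMMIT'
}

# Hypothetical lint helper: read a ruleset on stdin and count FORWARD rules that
# ACCEPT traffic going out the LAN interface other than replies to connections
# already established. For the layout above the answer must be 0.
count_new_into_lan() {
    grep -e '^-A FORWARD' \
        | grep -E -e "-o $LAN_IF( |\$)" \
        | grep -e '-j ACCEPT' \
        | grep -v -e '--ctstate ESTABLISHED,RELATED' \
        | wc -l | tr -d ' '
}

# Stand-alone use: "sh firewall.sh print | iptables-restore --test" parses the
# ruleset without committing it.
if [ "${1:-}" = print ]; then gen_rules; fi
```
</PRE>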
</BODY>
</HTML>