Wortz, Charles
CWortz at tea.state.tx.us
Fri May 23 08:56:12 CDT 2003
Only if you have a firewall between your network and the outside world and you also secure your wireless so outsiders cannot get in that way.

Charles Wortz
Software Development Division
Texas Education Agency
1701 N. Congress Ave
Austin, TX 78701-1494
512-463-9493
CWortz at tea.state.tx.us

-----Original Message-----
From: Jim DeMarco [mailto:Jdemarco at hshhp.org]
Sent: Friday 2003 May 23 08:45
To: accessd at databaseadvisors.com
Subject: RE: [AccessD] OT: DSL/IIS/Viruses

What about running it on another machine on my (wireless) network that's not directly connected to my DSL modem but has Internet access via that connection? Is that any safer?

Jim DeMarco

-----Original Message-----
From: Frank Tanner III [mailto:pctech at mybellybutton.com]
Sent: Friday, May 23, 2003 9:29 AM
To: accessd at databaseadvisors.com
Subject: RE: [AccessD] OT: DSL/IIS/Viruses

Personally, I wouldn't run ANY publicly accessible services on my LAN. There is a MUCH safer way to do it, but it isn't super cheap.

I have a custom built firewall, which I run at home. The "public" side of it connects directly to my Internet connection, in this case a 1Mbit VDSL connection. Then I have a "private" side, which connects to my LAN, and has my strict firewall rules. Only what I want gets in and out. Lastly, I have a "DMZ". This is where I place my publicly accessible machines. It is still firewalled, but not as stringently as the LAN side, since the public needs to hit it. Even in this DMZ I only let through the ports I absolutely need to, such as 80 & 443 for Web, 25 & 110 for e-mail, etc. My LAN is also firewalled from my DMZ in this configuration except for what's absolutely needed.

In this configuration, unless I specifically open an e-mail with a virus attached, or something silly like that, I'm about as safe as one can get from "the big bad Internet". The worst that can happen is that there is an exploit for one of my publicly accessible boxes and they get compromised. My LAN is still safe.

As a side note, my firewall, web server, and e-mail server are all running Linux or FreeBSD. This makes them less susceptible to all of the more common attacks that the "script kiddies" like to use. About 80% of the attacks and defacements on publicly accessible servers are done by "script kiddies". An added benefit is that IIS specific exploits have no effect other than to fill my logs, which archive and rotate off daily.

Is this a bit excessive, since I don't run a business out of my home? Yeah, it is. But there's no such thing as too much security.
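
The three-zone layout described in Frank Tanner's message above (public side, private LAN, DMZ), sketched as an nftables ruleset. This is an added example, not part of the original thread and not anyone's actual configuration; the interface names, the documentation-range server addresses and the LAN-to-DMZ allowances are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example. Interface names and addresses below are assumptions.
flush ruleset

define WAN  = "wan0"        # "public" side, faces the DSL connection
define LAN  = "lan0"        # "private" side
define DMZ  = "dmz0"        # publicly accessible machines
define WEB  = 192.0.2.10    # placeholder web server (documentation range)
define MAIL = 192.0.2.25    # placeholder mail server (documentation range)

table inet fw {
    # Traffic addressed to the firewall itself: replies only.
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
    }

    # Traffic routed between zones: default deny, then explicit allows.
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept

        # Internet -> DMZ: only the ports named in the post.
        iifname $WAN oifname $DMZ ip daddr $WEB  tcp dport { 80, 443 } accept
        iifname $WAN oifname $DMZ ip daddr $MAIL tcp dport { 25, 110 } accept

        # LAN -> DMZ: "only what's absolutely needed" (assumed: same services).
        iifname $LAN oifname $DMZ ip daddr $WEB  tcp dport { 80, 443 } accept
        iifname $LAN oifname $DMZ ip daddr $MAIL tcp dport { 25, 110 } accept

        # LAN -> Internet: outbound connections initiated from inside.
        iifname $LAN oifname $WAN accept

        # DMZ -> LAN: never allowed to start a connection. Logged so that a
        # compromised DMZ host probing inward shows up, then dropped.
        iifname $DMZ oifname $LAN log prefix "dmz-to-lan " drop

        # Internet -> LAN and every other new flow fall to policy drop.
    }
}
```

Because no rule lets a DMZ host open a new connection toward the LAN, a compromised web or mail server can answer requests it received but cannot reach inward, which is the property the post relies on. `nft -c -f <file>` parses the ruleset without loading it.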