Frank Tanner III
pctech at mybellybutton.com
Fri May 23 09:47:51 CDT 2003
If it touches the Internet in any way, except through a firewall, it's
vulnerable. Some wireless routers have a built-in "firewall", but I'm not
sure how secure they really are. I never trust multi-function systems like
that. I use a wireless router for wireless connections, and a firewall for
a firewall.

--- Jim DeMarco <Jdemarco at hshhp.org> wrote:
> What about running it on another machine on my (wireless) network
> that's not directly connected to my DSL modem but has Internet access
> via that connection? Is that any safer?
>
> Jim DeMarco
>
>
> -----Original Message-----
> From: Frank Tanner III [mailto:pctech at mybellybutton.com]
> Sent: Friday, May 23, 2003 9:29 AM
> To: accessd at databaseadvisors.com
> Subject: RE: [AccessD] OT: DSL/IIS/Viruses
>
>
> Personally, I wouldn't run ANY publicly accessible services on my LAN.
> There is a MUCH safer way to do it, but it isn't super cheap.
>
> I have a custom built firewall, which I run at home.
>
> The "public" side of it connects directly to my Internet connection,
> in this case a 1Mbit VDSL connection. Then I have a "private" side,
> which connects to my LAN, and has my strict firewall rules. Only what
> I want gets in and out. Lastly, I have a "DMZ". This is where I place
> my publicly accessible machines. It is still firewalled, but not as
> stringently as the LAN side, since the public needs to hit it. Even in
> this DMZ I only let through the ports I absolutely need to. Such as
> 80 & 443 for Web, 25 & 110 for e-mail, etc. My LAN is also firewalled
> from my DMZ in this configuration except for what's absolutely needed.
>
> In this configuration, unless I specifically open an e-mail with a
> virus attached, or something silly like that, I'm about as safe as one
> can get from "the big bad Internet". The worst that can happen is that
> there is an exploit for one of my publicly accessible boxes and they
> get compromised. My LAN is still safe.
>
> As a side note, my firewall, web server, and e-mail server are all
> running Linux or FreeBSD. This makes them less susceptible to all of
> the more common attacks that the "script kiddies" like to use. About
> 80% of the attacks and defacements on publicly accessible servers are
> done by "script kiddies". An added benefit is that IIS-specific
> exploits have no effect other than to fill my logs, which archive and
> rotate off daily.
>
> Is this a bit excessive, since I don't run a business out of my home?
> Yeah, it is. But there's no such thing as too much security.
>
> --- John Frederick <j.frederick at att.net> wrote:
> > Yes, it is necessary. When I started doing .asp on the same machine
> > I used to dial-up to get email, I got, over some period of time,
> > about a dozen different viruses, some of which propagated through
> > my lan to other machines. If you can't block the access from the
> > net to your machines, you need to either use a firewall or
> > disconnect the pws machine from the lan.
> >
> > P.S.: If you put firewalls, such as Norton or McAfee on your
> > machines, you can ask to be warned and have a chance to say ok or
> > no when a program tries to access another machine or the net.
> > You'll be amazed about how many Microsoft and other vendor programs
> > do so for no reason related to your current operation in progress.
> > If you're not already paranoid, that will make you so.
> >
> > -----Original Message-----
> > From: accessd-bounces at databaseadvisors.com
> > [mailto:accessd-bounces at databaseadvisors.com]On Behalf Of Jim DeMarco
> > Sent: Friday, May 23, 2003 8:03 AM
> > To: AccessD (E-mail)
> > Subject: [AccessD] OT: DSL/IIS/Viruses
> >
> >
> > List,
> >
> > A while back I got a DSL connection on my home office PC which I
> > occasionally use for web development using Personal Web Server
> > (Win 9x/ME version of IIS).
> > I was advised by our staff network person NOT to run PWS after the
> > DSL was up because I'd be susceptible to attacks and viruses. Does
> > anyone know if this is true? I have not run PWS in a couple of
> > months and have been using a disconnected laptop to write ASP code
> > but I'm wondering if this is necessary. Would I need to install a
> > firewall if I want to run PWS?
> >
> > Thanks,
> >
> > Jim DeMarco
> >
> >
> > ****************************************************************************
> > "This electronic message is intended to be for the use only of the
> > named recipient, and may contain information from Hudson Health Plan
> > (HHP) that is confidential or privileged. If you are not the
> > intended recipient, you are hereby notified that any disclosure,
> > copying, distribution or use of the contents of this message is
> > strictly prohibited. If you have received this message in error or
> > are not the named recipient, please notify us immediately, either by
> > contacting the sender at the electronic mail address noted above or
> > calling HHP at (914) 631-1611. If you are not the intended
> > recipient, please do not forward this email to anyone, and delete
> > and destroy all copies of this message. Thank You".
> > ****************************************************************************
> >
> > _______________________________________________
> > AccessD mailing list
> > AccessD at databaseadvisors.com
> > http://databaseadvisors.com/mailman/listinfo/accessd
> > Website: http://www.databaseadvisors.com

=== message truncated ===
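
The three-zone layout described in the quoted message above (public side, DMZ, private LAN), written out as an nftables ruleset for a Linux firewall. This is an added example, not part of the original thread or anyone's actual configuration. The interface names and the outbound port lists are assumptions; only the inbound DMZ ports (80, 443, 25, 110) come from the message, and NAT for the LAN is left out.

```nft
#!/usr/sbin/nft -f
# Added example: three-zone policy (public / DMZ / private LAN).
# Interface names and the outbound port lists are assumptions.
flush ruleset

define WAN = "eth0"    # assumed: public side, to the DSL modem
define LAN = "eth1"    # assumed: private side
define DMZ = "eth2"    # assumed: publicly reachable servers

table inet filter {
    chain input {
        # Traffic addressed to the firewall itself: nothing new is accepted.
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
    }

    chain forward {
        # Default deny: any zone pair not listed below is dropped.
        type filter hook forward priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept

        # Internet -> DMZ: only the ports named in the message
        # (80/443 web, 25/110 e-mail).
        iifname $WAN oifname $DMZ tcp dport { 25, 80, 110, 443 } accept

        # LAN -> Internet: assumed outbound set (DNS, web).
        iifname $LAN oifname $WAN udp dport 53 accept
        iifname $LAN oifname $WAN tcp dport { 53, 80, 443 } accept

        # LAN -> DMZ: the same service ports, so LAN users can reach
        # their own web and mail servers (assumption).
        iifname $LAN oifname $DMZ tcp dport { 25, 80, 110, 443 } accept

        # DMZ -> Internet: assumed minimum for a mail server (DNS, SMTP out).
        iifname $DMZ oifname $WAN udp dport 53 accept
        iifname $DMZ oifname $WAN tcp dport { 25, 53 } accept

        # Internet -> LAN and DMZ -> LAN: new connections are logged and
        # dropped, so a compromised DMZ host cannot open connections
        # into the LAN.
        iifname { $WAN, $DMZ } oifname $LAN log prefix "to-lan-drop: " drop
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading the rules.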