Martin Reid
mwp.reid at qub.ac.uk
Fri May 23 14:42:38 CDT 2003
http://hallinternet.com/net_history_trends/188.shtml

Found this on the web. Not sure if it's any use. I have a gateway/router
sitting in front of me now but haven't installed it yet LOL. I am lucky,
I can rely on the networks guys in work to sort all this stuff out for
me even at home.

Martin

On May 23 2003, Frank Tanner III wrote:

> Depends. If your IP address will be changing, the outside one, or you
> will be wanting to access it from different locations, not likely.
> Most consumer firewalls don't have that sort of authentication
> mechanism built into them. It's sort of an all-or-nothing solution.
>
> Usually you will be stuck with a rule similar to:
> From WAN to LOCAL_IP forward Port_80 allow. Something similar to
> that. Obviously that's "pseudo code". Your firewall's syntax will
> vary. If you will be connecting from a non-random location with a
> static IP address you can say: From WAN_IP to Local_IP forward
> Port_80 allow. Where WAN_IP would be the public IP address of the
> remote location you will be connecting from.
>
> A lot of routers have an authentication piece in them, but it's for
> outgoing only. That sorta thing is real good for locking it down so
> your kids can't surf the net or whatever without supervision.
>
> --- "Hale, Jim" <jim.hale at fleetpride.com> wrote:
> > If I have a router with a built in firewall and I set up a web
> > server for development work on my lan behind the firewall will I be
> > able to access the web server sites but the outside world will not?
> > Jim Hale
> >
> > -----Original Message-----
> > From: Frank Tanner III [mailto:pctech at mybellybutton.com]
> > Sent: Friday, May 23, 2003 10:54 AM
> > To: accessd at databaseadvisors.com
> > Subject: RE: [AccessD] OT: DSL/IIS/Viruses
> >
> > Depends.
> >
> > If you go the "firewall appliance" route, such as SonicWall, you're
> > looking at close to a thousand bucks (the last time I checked). If
> > you go the "I'm taking a PC, putting multiple network cards in it
> > and making a firewall out of it." you can get away for free if you
> > have the hardware readily available.
> >
> > My firewall is a P3-700 PC with 256MB of RAM, an 8GB hard drive and
> > 4 network cards. Hardware-wise this firewall is way overkill for
> > what I need. I wouldn't recommend anything less than a P2-333 for a
> > firewall though if you have a DSL or cablemodem based Internet
> > connection. For an OS it's running a hardened minimalistic flavor of
> > Red Hat Linux 8.0. I'm running the built-in IPTables firewall for
> > all of my firewalling needs. That makes the OS and firewall free
> > too.
> >
> > --- Jim DeMarco <Jdemarco at hshhp.org> wrote:
> > > Thanks Martin.
> > >
> > > From what I'm gathering from this thread I should look into a
> > > hardware solution (that the fact that I'm running WinME on a P200
> > > that's a relatively slow performer as is). How costly might that
> > > be?
> > >
> > > Jim DeMarco
> > >
> > > -----Original Message-----
> > > From: Mwp.Reid at Queens-Belfast.AC.UK
> > > [mailto:Mwp.Reid at Queens-Belfast.AC.UK]
> > > Sent: Friday, May 23, 2003 11:12 AM
> > > To: accessd at databaseadvisors.com
> > > Subject: RE: [AccessD] OT: DSL/IIS/Viruses
> > >
> > > Jim
> > >
> > > You run a web server at home, you're always at risk of hacking
> > > attempts. Put up a decent firewall.
> > >
> > > I have IIS running on a server here but it's not connected to the
> > > web. Doesn't matter for dev work at all. I connect as and when I
> > > need to. Other than that I leave the server off the modems.
> > >
> > > Martin
> > >
> > > On May 23 2003, Jim DeMarco wrote:
> > >
> > > > What about running it on another machine on my (wireless)
> > > > network that's not directly connected to my DSL modem but has
> > > > Internet access via that connection? Is that any safer?
> > > >
> > > > Jim DeMarco
> > > >
> > > > -----Original Message-----
> > > > From: Frank Tanner III [mailto:pctech at mybellybutton.com]
> > > > Sent: Friday, May 23, 2003 9:29 AM
> > > > To: accessd at databaseadvisors.com
> > > > Subject: RE: [AccessD] OT: DSL/IIS/Viruses
> > > >
> > > > Personally, I wouldn't run ANY publicly accessible services on
> > > > my LAN. There is a MUCH safer way to do it, but it isn't super
> > > > cheap.
> > > >
> > > > I have a custom built firewall, which I run at home. The
> > > > "public" side of it connects directly to my Internet connection,
> > > > in this case a 1Mbit VDSL connection. Then I have a "private"
> > > > side, which connects to my LAN, and has my strict firewall
> > > > rules. Only what I want gets in and out. Lastly, I have a "DMZ".
> > > > This is where I place my publicly accessible machines. It is
> > > > still firewalled, but not as stringently as the LAN side, since
> > > > the public needs to hit it. Even in this DMZ I only let through
> > > > the ports I absolutely need to. Such as 80 & 443 for Web, 25 &
> > > > 110 for e-mail, etc. My LAN is also firewalled from my DMZ in
> > > > this configuration except for what's absolutely needed.
> > > >
> > > > In this configuration, unless I specifically open an e-mail with
> > > > a virus attached, or something silly like that, I'm about as
> > > > safe as one can get from "the big bad Internet". The worst that
> > > > can happen is that there is an exploit for one of my publicly
> > > > accessible boxes and they get compromised. My LAN is still safe.
> > > >
> > > > As a side note, my firewall, web server, and e-mail server are
> > > > all running Linux or FreeBSD. This makes them less susceptible
> > > > to all of the more common attacks that the "script kiddies" like
> > > > to use. About 80% of the attacks and defacements on publicly
> > > > accessible servers are done by "script kiddies". An added
> > > > benefit is that IIS specific exploits have no effect other than
> > > > to fill my logs, which archive and rotate off daily.
> > > >
> > > > Is this a bit excessive, since I don't run a business out of my
> > > > home? Yeah, it is. But there's no such thing as too much
> > > > security.
> > > >
> > > > --- John Frederick <j.frederick at att.net> wrote:
> > > > > Yes, it is necessary. When I started doing .asp on the same
> > > > > machine I used to dial-up to get email, I got, over some
> > > > > period of time, about a dozen different viruses, some of which
> > > > > propagated through my lan to other machines. If you can't
> > > > > block the access from the net to your machines, you need to
> > > > > either use a firewall or disconnect the pws machine from the
> > > > > lan.
> > > > >
> > > > > P.S.: If you put firewalls, such as Norton or McAfee on your
> > > > > machines, you can ask to be warned and have a chance to say ok
> > > > > or no when a program tries to access another machine or the
> > > > > net. You'll be amazed about how many Microsoft and other
> > > > > vendor programs do so for no reason related to your current
> > > > > operation in progress. If you're not already paranoid, that
> > > > > will make you so.
> > > > >
> > > > > -----Original Message-----
> > >
> > > === message truncated ===
> >
> > _______________________________________________
> > AccessD mailing list
> > AccessD at databaseadvisors.com
> > http://databaseadvisors.com/mailman/listinfo/accessd
> > Website: http://www.databaseadvisors.com

--
Martin WP Reid
Analyst
Information Services
Queens University Belfast
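
The three-zone layout (WAN / LAN / DMZ) and the source-restricted forward from the pseudo-rule quoted above, written out as a script that emits an iptables-restore ruleset. This is an added example, not part of the original thread and not anyone's actual configuration; the interface names, the DMZ host address, the optional source address and the SSH admin rule are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a three-legged
# firewall. All names and addresses passed in are assumptions.
# Usage: dmz_ruleset WAN_IF LAN_IF DMZ_IF DMZ_HOST [WEB_SRC]
#   WEB_SRC (optional) limits ports 80/443 to one remote address, the
#   "From WAN_IP to Local_IP" variant of the pseudo-rule.
dmz_ruleset() {
    if [ "$#" -lt 4 ]; then
        echo "usage: dmz_ruleset WAN LAN DMZ HOST [SRC]" >&2
        return 2
    fi
    wan=$1; lan=$2; dmz=$3; host=$4; src=${5:-}
    web_src=""
    if [ -n "$src" ]; then web_src=" -s $src"; fi
    cat <<EOF
*filter
# Default deny: anything not matched below is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to connections that were allowed when they started.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN may open connections to the Internet.
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
# Internet to DMZ host: web (optionally one source only) and mail.
-A FORWARD -i $wan -o $dmz -d $host$web_src -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $wan -o $dmz -d $host -p tcp -m multiport --dports 25,110 -m conntrack --ctstate NEW -j ACCEPT
# LAN may reach the DMZ host to administer it (assumed: SSH only).
-A FORWARD -i $lan -o $dmz -d $host -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# No rule accepts new connections from WAN or DMZ into the LAN, so a
# compromised DMZ host cannot open a connection to a LAN machine.
COMMIT
EOF
}

# Constructed sample call, using documentation addresses:
# dmz_ruleset eth0 eth1 eth2 192.0.2.10 203.0.113.7
```

Only the filter table is shown; address translation for the LAN or for a forwarded port would go in a separate `*nat` section. The output can be checked with `iptables-restore --test` before loading.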