Demilitarized Zone
- Subject: Demilitarized Zone
- From: Raj Mathur <raju@xxxxxxx>
- Date: Sat, 19 Jun 1999 18:12:36 +0530 (IST)
Hi Sunil,
Simple question with a complex answer! I won't go into details right
here, but do keep the following things in mind:
1. Some servers may need 2 ethernet interfaces to connect to both
sides of the firewall.
2. Port blocking and IP firewalling are your friends.
3. Keep open services down to the minimum.
4. Ssh is another friend.
5. Have some way of contacting your boxes over a non-IP connection,
e.g. a serial port.
6. Have different flavours of firewalls at the 2 ends of the DMZ. You
don't want a cracker who exploits one firewall to go ahead and exploit
the second one with the same crack.
Lots more, can discuss more on private e-mail if you like.
Regards,
-- Raju
--
Raj Mathur / Web Technical Support / Silicon Graphics / New Delhi
+91-124-349811 / raju@xxxxxxx / 551-7228
http://reality.sgi.com/raju / Not necessarily speaking
PGP: F2 D4 4A 21 27 B0 63 FF | for Silicon Graphics.
15 97 9D AE 9D 40 BC B8 | It is the Mind that Moves
>>>>> "Sunil" == Sunil Sarat <sunil@xxxxxxxxxxxxxxx> writes:
Sunil> Hi, With an existing setup of proxy servers+Web
Sunil> servers+E-mail servers running linux, how do we setup a two
Sunil> stage firewall (DMZ)? Right now I have a firewall running
Sunil> on the proxy server with 2 cards.
Sunil> Thanks in advance
Sunil> Sunil Sarat