Re: Help Adding Another Website

From: Joe Beanfish (joebeanfish_at_nospam.duh)
Date: 07/21/03


Date: Mon, 21 Jul 2003 13:09:35 -0400

Mark Antonson wrote:
> "Bit Twister" <BitTwister@localhost.localdomain> wrote in message
> news:slrnbhgetq.38b.BitTwister@wb.home...
> > On Fri, 18 Jul 2003 13:28:51 -0400, Joe Beanfish wrote:
> > >>
> > >> Cable Modem -> Hub -> Firewall 1 -> Network and Old Server
> > >> -> Firewall 2 -> New Server
> > >
> > > Do you really need the servers isolated from each other by firewall?
> > > You could do this (which is probably more common)
> >
> > It would help keep malware installed on the New Server from
> > getting easy access to boxes on the Old server network.
>
> I'm thinking now that I'll just put the new BSD machine out there on its
> own. Unfortunately, the PIX 506 doesn't support more than 2 interfaces, and
> the boss wants separate IP addresses for both websites. So I think I'll end
> up with something like this:
>
> Cable Modem -> Switch -> Cisco PIX and existing network
> -> New BSD server
>
> I think this should be ok, and I plan on locking the new BSD machine down as
> much as possible and keeping it patched religiously (FreeBSD 5.1, Apache 2,
> and Qmail are all I plan on running on it, besides SSH for admin, etc. No
> ftp or telnet).

Unless you're using "interface" to mean "ip" you don't need multiple
interfaces. An "interface" is generally an ethernet port or such. Just plug
the cable modem into the firewall's incoming port and plug the firewall's
outgoing port into the hub/switch. Then plug as many other devices as desired
into the hub/switch. Then all devices are protected from the outside (but not
from each other).

Also, don't be fooled into thinking there's anything particularly more
secure about ssh rather than telnet. That's only true in the case of packet
sniffing. You're more likely to get broken into because of flaky software.
ssh is equally vulnerable to such attacks.
