Re: SCO 5.0.7 AS FIREWALL
From: Tony Lawrence (foo_at_pcunix.com)
Date: 05/24/05
- Previous message: Jean-Pierre Radley: "Re: SCO 5.0.7 AS FIREWALL"
- In reply to: Jean-Pierre Radley: "Re: SCO 5.0.7 AS FIREWALL"
- Next in thread: Bill Vermillion: "Re: SCO 5.0.7 AS FIREWALL"
- Reply: Bill Vermillion: "Re: SCO 5.0.7 AS FIREWALL"
- Reply: Jeff Liebermann: "Re: SCO 5.0.7 AS FIREWALL"
Date: Tue, 24 May 2005 17:47:56 -0400
Jean-Pierre Radley wrote:
> pablo hernandez typed (on Tue, May 24, 2005 at 01:37:37PM -0700):
> | Jean-Pierre Radley <jpr@jpr.com> wrote in message news:<20050523205840.GC14018@jpradley.jpr.com>...
> | > pablo hernandez typed (on Mon, May 23, 2005 at 01:28:26PM -0700):
> | > | "Mainak Yajnik" <yajnikmp@gmail.com> wrote in message news:<1116860194.547203.244810@g44g2000cwa.googlegroups.com>...
> | > | > Dear Group:
> | > | >
> | > | > In my last thread I was unable to configure the box acting as router.
> | > | > Well with the group's help I was able to do the needful.
> | > | >
> | > | > A special Thanx to Mr. Tony (aplawrance.com) & JP for helping me achieve
> | > | > my target.
> | > | >
> | > | > Apparently I found my server is accessible from Internet and is security
> | > | > hazard for my organisation.
> | > | >
> | > | > I want to block Telnet on the server. I have already configured SSH and
> | > | > is working fine.
> | > | >
> | > | > I also want to have the server to give me secure ftp login.
> | > | >
> | > | > My current Security setting of SCO box is set to Traditional.
> | > | >
> | > | >
> | > | > Mainak
> | > |
> | > | In my opinion it is better to install a hardware firewall like zysell on
> | > | the WAN side, then it is easy to configure it to only access some
> | > | services.
> | >
> | > Why is it any harder than doing it with ipf?
> |
> | In my humble opinion, an external wall cuts all WAN activity, but
> | host can still serve the LAN.
> | On the conceptual side, an external wall is better than joining the
> | wall and castle.
> |
> | but this is only my humble opinion
>
> OK, I understand your point of view, but my question was why the
> conjoined wall is harder to configure than the separate wall? :-)
>
By default, most firewall appliances pass nothing inward that did not
originate inside. If indeed there is nothing you want initiated from
outside, you have no configuration other than its two addresses.

I absolutely agree that an external hardware firewall is easier. Of
course, I'm a fruitcake, so I run both an external hardware fw and an
internal hw firewall AND disable the services I don't want. On top of
that I'll add anything like pam that can give me extra protection for
the services I'm not running, that are blocked by software fw rules, and
that aren't set to pass through the hw firewall anyway.. as I said,
fruitcake.

My purpose is simply to protect myself from my own stupidity (an
abundant supply of that is always stocked), though it does help that I
can upgrade or temporarily disable any component without worrying much
about what will happen. On the con side, when I do want to let
something in, it becomes a real PITA - but it should be, imho. I had
quite an argument about just this subject recently: see
http://aplawrence.com/Security/valuefirewalls.html

-- 
Tony Lawrence
Unix/Linux/Mac OS X resources: http://aplawrence.com
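
For comparison with the appliance default described in the message above (nothing passes inward unless it originated inside), here is the same policy written as an ipf ruleset, with Telnet blocked and SSH let in as the original poster asked. This is an added example, not part of the thread or of any poster's configuration; the interface name `net0` is an assumption and the rules use standard IPFilter syntax, which should be checked against the ipf version installed on the host.

```conf
# ipf.conf sketch (constructed example; net0 is an ASSUMED name for the
# Internet-facing interface, substitute the real one).
# ipf uses the LAST matching rule unless a rule says "quick",
# in which case matching stops at that rule.

# Default for the outside interface: drop everything inbound.
block in on net0 all

# Telnet: drop and log explicitly, so attempts show up in the ipf log
# even though the default rule above would already drop them.
block in log quick on net0 proto tcp from any to any port = 23

# SSH: the only service opened to the outside. sftp runs over the same
# SSH connection, so secure file transfer needs no extra port.
pass in quick on net0 proto tcp from any to any port = 22 flags S keep state

# Connections that originate inside: allow out and track state, so only
# the replies to them are admitted back through the default block.
pass out quick on net0 proto tcp from any to any flags S keep state
pass out quick on net0 proto udp from any to any keep state
pass out quick on net0 proto icmp from any to any keep state
```

The rules apply only to the outside interface, so the host can keep serving the LAN; disabling the telnet service on the host itself remains a separate step from filtering it.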