OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: RE: Here is my plan for firewall implement

RE: Here is my plan for firewall implementation


Jim Raykowski (raykowsjnosc.mil)
Wed, 24 Sep 1997 18:19:10 -0700


Arron,
  I am placing are public web server outside the firewall along with are
public ftp server, that way I am still protecting the inside lan from
outside attacks. It looks something like this

    INTERNET
        |
        |
     ROUTER
        |
web-----|--------ftp
server | server
        |
       BASTION
         HOST
        |
        |
       ROUTER
        |
        |
      INTERNAL
          LAN

  There are two NIC's in the bastion host one that see's the outside and
the other see's this inside. Both routers have packet filtering and ACL's
setup to block known spamers and unwanted IP numbers dual to their
suspicious ways.
Later,

At 12:30 PM 9/23/97 PDT, you wrote:
>This is a good chance for me to learn more about building a firewall. If
>you don't mind I would like to ask a few questions regarding the
>placement of your web server. You mentioned you would have HTTP proxy on
>the firewall. Where would you place your web server (behind the firewall
>or on the network between Internet connection and firewall)? Which one
>is more secure? Any suggestion are welcome.
>
>Thanks in advance
>
>Aaron Tong
>Professional Service
>NCR (Hong Kong) Ltd.
>Tel: (852) 2859 6913
>Fax: (852) 2506 4436
>E-mail: aaron.tonghongkong.ncr.com
>
> ----------
>From: owner-firewall-wizards[SMTP:owner-firewall-wizardsnfr.net]
>Sent: Friday, September 19, 1997 7:30 PM
>To: firewall-wizards; fwtk-user
>Subject: Here is my plan for firewall implementation
>
>part1 (text/plain)
> ------------------------------
>
>Hello All,
> Here is my plan for implementating a firewall at my site and I would
>like
>to hear some comments on the goods and bads.
> Here are the systems to be protected as we speak. 1 Novell 3.12 file
>server, 1 NT 4.0 Server running as a PDC and MS Exchange Server, 1 NT 4.0
>Server running as BDC. 85 Windows for Workgroups 3.X workstations
>running
>MS Office Professional 4.3, MS Exchange for both internal and internet
>e-mail supporting 160 users.
> My plan is to build a Pentium 133 with 32 MB RAM with 540 MB Hard Drive
>running Linux Slackware using kernel 2.0.30 and TIS Firewall Toolkit 2.0.
>I plan to use the SMTP, HTTP, TELNET, and FTP proxies from the FWTK and
>set
>up a fake DNS on this machine.
> I will build another Linux computer to act as the internal DNS that
>will
>forward all queries it cannot answer to the firewall and then forward
>answers back to the systems that asked. It will also be my network
>monitoring station and the station the I xfer all update to my external
>web
>and ftp servers.
> My default policy will be to deny all unless otherwise permitted. I am
>trying to protect the information as we deal with government contracts
>but
>still need access to the internet to look up data and exchange
>information
>with other contractors.
>Thanks,
>
>Jim Raykowski
>San Diego, CA
>jimrskicts.com
>
>
>
>The following binary file has been uuencoded to ensure successful
>transmission. Use UUDECODE to extract.
>
>
>Attachment Converted: "C:\jim\eudora\attachments\WINMAIL10.DAT"
>
>
>
Jim Raykowski
San Diego, CA
jimrskicts.com



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:08:58 CDT