Manu Heirbaut wrote: > > * Adam William Lydick ([EMAIL PROTECTED]) wrote: > > That said, I use a hub out of my dorm (and ip aliasing, which is neat > > stuff) and don't really have any problems. I also don't have a serious > > firewall setup, if I did, I'd probably use a dual (or probally 3-NIC) > > setup. > > What advantage would a 3-NIC setup have over a dual setup ? > I'm sorry if this is a dump question, but I just started out on > following these security issues because now I finally have DSL the > need for securety is not a luxery any more.
With three NICs you can have a DMZ for internet accessible servers that is totally separate from you local systems network. This way you can set more restrictive firewall rules for the machines in the DMZ. I use a DMZ for my web and DNS servers. They have a very high level of restriction on what they are able to do network wise. On the other hand my general use systems are behind much less restrictive filtering rules. For an example the machines on the DMZ segment aren't allowed to make WEB, telnet, or ftp connections to other systems, even my general use systems. The DMZ systems can't access any of my general use systems except via ssh. I've also made it really hard for them to do general scanning as most ports are blocked from going out at the firewall. -- | Bryan Andersen | [EMAIL PROTECTED] | http://www.nerdvest.com | | Buzzwords are like annoying little flies that deserve to be swatted. | | -Bryan Andersen |
