"Young, Beth A." wrote:
>
> So, how can I segregate so few workstations without putting a firewall in
> each location? The expense of the 6 firewalls would be too costly for the
> department.
- Use access list at routers. This is kind of packet filtering firewall,
at no so much cost.
- Harden your machines. Disable every service you don't need. Delete every
account you don't need. Trash every stuff you don't need.
- Use wrappers in your machines. If they're UNIX, consider using ipf or
something like to filter trafic at host level.
- Use VLAN's if possible.
- Use VPN's (VTUN, ssh or stuff like that) for the communication between
your own machines.
In the other hand, OpenBSD firewalls could be a solution, they're cheap
and effective, but you need to know how to setup and mantain them...
Or you may consider placing firewall at host level (like Check Point's
SecureServer), they're very cheap.
Hope this helps... Regards.
--
Martin Humberto Hoz Salvador
Information Security Consultant (ISS ICU, Check Point CCSE)
C I T I
Sendero Sur 285 Col. Contry, Monterrey, Nuevo Leon 64860, MEXICO
Phone: +(52)(8) 357-2267 x139 Fax: +(52)(8) 357-8047
E-mail: [EMAIL PROTECTED] WWW: http://www.citi.com.mx
PGPKey ID: 0x0454E8D9 ICQ Number: 31631540
GIT d- s:(+:+) a-- C+(++++)>$ SILH++++ P++ L+++ E W++ N+ o-- K- w
O M V PS+ PE++ Y+ PGP++ t 5 X+ R tv- b+ DI+ D++ G++ e++ h-- r+ y++
"The software said it requires Windows 95 or *better*, so I installed
GNU/Linux"
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
