on 16/7/02 22:40, Eagle at [EMAIL PROTECTED] wrote:
> That's true, but what one of these el-cheapo "cable/dsl router/firewall"
> things will do is protect your entire network. I have anywhere from
> 1-10 machines online in my house, and I only have to worry about the
> security of the ones that are accessible from the outside.
>
> The Linux machine I spoke of earlier is not at my house - it is
> collocated and is just as accessible as my OS X box at home. The
> difference is that I provide access on the OS X box to services
> (AppleShare, FTP, etc) that are not available outside, so any
> vulnerabilities to those services will not affect the ability of kiddies
> to access my OS X box. That's a nice bit of reassurance.
>
> In addition to what I said earlier ("the rules are few and simple") I'll
> add this in summary: paranoia is one thing (and is probably not
> necessary) -- but a reasonable set of precautions is another (and is a
> very good thing).
>
> Eagle
I've got a similar setup. I've got a firewall box running Smoothwall Linux.
I've got ports forwarded for http (80) and mail (25 and 110) going to my
server machine. On this server machine I have ssh disabled as well as
AppleTalk turned off. All other machines on the network talk to the outside
world through the firewall and run no services which are accessible to the
outside world. They can ssh to each other as well as access several other
services. Since they have no ports forwarded from the firewall they are
protected from the outside world. The server's drive is cloned daily so that
even if someone manages to kill the box I can copy the data back over to the
drive after wiping it and be back up and running in under half an hour. It's
not perfect since there are outside connections to the rest of the world and
just having that creates a vulnerability but it's pretty tight and I'm
comfortable with the level of security I've achieved.
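
One way to check the forwarding setup described in the message above, as an added example that is not part of the original thread: a TCP connect audit, run from a host outside the network against your own public address, that compares what is reachable with the three forwarded ports (25, 80, 110). The probe list (FTP 21, ssh 22, AppleShare over TCP 548) and all function names are assumptions chosen for illustration.

```python
import socket
import sys

# Ports the message says are forwarded to the server machine.
FORWARDED = {25: "smtp", 80: "http", 110: "pop3"}
# Assumed extra ports to probe: services the thread says should stay internal.
SHOULD_BE_CLOSED = {21: "ftp", 22: "ssh", 548: "appleshare-tcp"}


def is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port can be established."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unreachable all count as not exposed.
        return False


def audit(host, allowed, probe, timeout=1.0):
    """Compare reachable ports on host with the allowed set.

    Returns (unexpected_open, expected_closed) as sorted lists:
    unexpected_open  - reachable but not in the forwarding policy
    expected_closed  - in the policy but not answering (service or forward down)
    """
    allowed = set(allowed)
    candidates = allowed | set(probe)
    reachable = {p for p in candidates if is_open(host, p, timeout)}
    return sorted(reachable - allowed), sorted(allowed - reachable)


if __name__ == "__main__":
    # Usage: python audit.py <your-public-address>
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    unexpected, missing = audit(target, FORWARDED, SHOULD_BE_CLOSED)
    names = {**FORWARDED, **SHOULD_BE_CLOSED}
    for p in unexpected:
        print(f"EXPOSED  {p}/tcp ({names[p]}) is reachable but not in the policy")
    for p in missing:
        print(f"DOWN     {p}/tcp ({names[p]}) is forwarded but not answering")
    # Non-zero exit on unexpected exposure so the check can run from cron.
    sys.exit(1 if unexpected else 0)
```

Run from inside the LAN, the result reflects the internal network rather than what the firewall exposes, so the check only means something from an outside vantage point.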