* This is the modus mailing list *

NAT really isn't NAT anymore, it's more true to limited routing (one-to-one, one-to-many, etc). I understand your KISS method but there are many better solutions in my opinion.

Thank you,
SiftX Support
866-891-0086
808-874-8916 Fax
www.siftx.com

----- Original Message -----
From: "Brad Johnson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, February 08, 2004 10:51 AM
Subject: [Modus] Firewall and Security

> We use the Cisco IOS firewall feature set as well. It was incredibly simple
> to set up. Enable ip inspection on your wan interfaces, then use an extended
> ACL to open only those ports that are needed for outside client access (www,
> ftp, etc).
>
> In my opinion, this solution offers the best protection for the least amount
> of network reworking (assigning private ips to your servers, etc) and
> doesn't require NAT, which means employees behind the firewall work with
> servers just like clients outside the firewall will (none of this "well, if
> you're here, the www server is 10.10.10.10 but if you're at home it's
> 111.222.111.222").
>
> Set up a syslog server to log to SQL and you can easily create web-based
> reports on YOUR terms, rather than what the firewall software THINKS you
> want to see.
>
> To date, I haven't heard an argument to make me look at anything else.
>
> Brad Johnson
> Systems Administrator
> Local Link Network Operations
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> Of Jeff Willis - MIS
> Sent: Sunday, February 08, 2004 11:05 AM
> To: [EMAIL PROTECTED]
> Subject: [Modus] Firewall and Security
>
> We use the Cisco IOS firewall feature set in our Cisco routers
> http://www.cisco.com/warp/public/cc/pd/iosw/ioft/iofwft/index.shtml
>
> This allows us to open only the ports that are necessary for operation. As a
> web hosting company with over 800 servers, firewall protection is an absolute
> must. We are using 10 Cisco routers in various configurations.
>
> We actually restrict access to certain ports for each server,
> i.e. a web server will only have open ftp, www, https for inbound
> connections.
>
> A suggestion for sql server - since we rent dedicated sql servers, we use an
> alternate port (1443 is always closed in the firewall) and restrict that
> port to only allow the client IP address to access.
>
> The IOS feature set also has http, ftp, etc. dynamic ACLs. This resolves the
> FTP problem with just using extended ACLs.
>
> This has worked great for us and we have never been attacked, but have
> blocked many attacks.
>
> The basic rule is close EVERYTHING unless it is needed.
>
> Jeff
>
> ----- Original Message -----
> From: "Cary Fitch" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, February 08, 2004 08:28
> Subject: [Modus] Firewall and Security
>
> One of the things we are about to do is move our SQL Server to a private
> address.
>
> Since the only machines that need to talk to it are: Mail Server, Radius
> Server(s), Web Server (Rodopi), that are on our network, it should be able
> to be on private (non publicly routable) addresses, and visible only to our
> own net, thus protecting it from much "ill will".
>
> Those machines will have public and private addresses, but the SQL Server
> would have only a private address.
>
> Other firewalling is also in progress.
>
> Cary Fitch
>
> Attend Peering Conference for ISPs,
> April 23-24, 2004, Dallas Texas
> Full info: http://www.peercon.org
>
> ----- Original Message -----
> From: "Globalnet" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, February 08, 2004 10:16 AM
> Subject: [Modus] Firewall and Security
>
> > We are looking for some info in regards to security.
> >
> > We have been approached by a security advisor that recommends we place our
> > network behind a hardware firewall such as the Sonicwall Pro 230.
> >
> > Our concern is how does this affect the network, etc in the sense as one
> > who is an ISP, with all the various servers, network issues, etc,
> > Bandwidth? Just about every aspect?
> >
> > Basically here we are in the blind, we want to secure all of our servers,
> > especially our sql nt machine running rodopi, mail server running
> > Modusmail, and Web servers, and FTP Servers, and Radius Servers.
> >
> > Is hardware the best to go or what does one recommend in this issue?
> >
> > Any insight here would be appreciated.
> >
> > **
> > To unsubscribe, send an Email to: [EMAIL PROTECTED]
> > with the word "UNSUBSCRIBE" in the body or subject line.
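
The syslog-to-SQL reporting that Brad's message describes, sketched as an added example that is not part of the original thread: it parses Cisco IOS ACL log lines into a table and runs one report of denied traffic per protected service. The sample lines, the `acl_hits` table, the function names and the use of SQLite as the SQL store are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample syslog lines (documentation addresses), in the format IOS
# uses for ACL entries that carry the "log" keyword.
SAMPLE_LOG = """\
Feb  8 10:51:02 192.0.2.1 45: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.5(4312) -> 192.0.2.20(1433), 1 packet
Feb  8 10:56:02 192.0.2.1 46: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.5(4313) -> 192.0.2.20(1433), 4 packets
Feb  8 10:57:40 192.0.2.1 47: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.9(5100) -> 192.0.2.20(1433), 2 packets
Feb  8 10:58:11 192.0.2.1 48: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.77(1029) -> 192.0.2.10(1434), 1 packet
Feb  8 10:59:30 192.0.2.1 49: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 198.51.100.23(3390) -> 192.0.2.10(80), 1 packet
Feb  8 11:00:05 192.0.2.1 50: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.50)
"""

ACL_HIT = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<packets>\d+) packets?"
)
FIELDS = ("acl", "action", "proto", "src", "sport", "dst", "dport", "packets")

def load(conn, text):
    """Parse ACL hit lines into the acl_hits table; return rows stored."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS acl_hits (acl TEXT, action TEXT, proto TEXT,"
        " src TEXT, sport INTEGER, dst TEXT, dport INTEGER, packets INTEGER)"
    )
    matches = (ACL_HIT.search(line) for line in text.splitlines())
    rows = [tuple(m.group(f) for f in FIELDS) for m in matches if m]
    # Bound parameters only: log content is shaped by whoever sends the packets.
    conn.executemany("INSERT INTO acl_hits VALUES (?,?,?,?,?,?,?,?)", rows)
    return len(rows)

def denied_by_service(conn):
    """Report: per protected host and port, distinct sources and packets denied."""
    return conn.execute(
        "SELECT dst, dport, COUNT(DISTINCT src), SUM(packets) FROM acl_hits"
        " WHERE action = 'denied' GROUP BY dst, dport"
        " ORDER BY SUM(packets) DESC, dst, dport"
    ).fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load(db, SAMPLE_LOG), "ACL hits stored")
    for row in denied_by_service(db):
        print(row)
```

Lines that are not ACL hits, such as the configuration-change message in the sample, are skipped rather than stored.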
