Michael,
If you are a small company you should definitely consider using lower cost/higher
security software, e.g. Linux. A 486 Makes a decent DNS server, IDS or Firewall.
Anyway you look at it your overall costs are going to be much lower with Linux, and
you're going to learn some great stuff in the process. If you're concerned about the
difficulty of the task, just think of all the help you could get here...
Joseph Lyman
Graphic Products, Inc.
503-644-5572 ex 5662
800-788-5572 Toll Free
[EMAIL PROTECTED]
>>> Michael Kjorling <[EMAIL PROTECTED]> 09/13/01 09:26AM >>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Please apologize me if this has been asked before, but I haven't seen
it lately at least.
Right now several of my servers are serving more than one thing - one
does web, mail (both SMTP and POP), and DNS. Another does the same and
adds the usual risks with being a workstation as well.
I have been lobbying to split this up on more machines, and using one
per service. That is, let one machine handle the email (possibly
forwarding it to internal systems), let one handle the web, two for
DNS (master and slave) and so on. But we are talking about a pretty
small company so I am having a problem of getting the hardware this
would require. It took an actual break-in to one of the systems before
I was allowed to buy a dedicated hardware firewall, and I would prefer
not having to go through the same mess again.
Could someone please give me some hints as to what the actual security
implications would be of a setup like this? As it is, the company in
question is rather dependant on their Internet connectivity (web site,
email and so on), and I don't want to get into trouble if someone
breaks in through a DNS implementation problem and then escalates
their access and starts messing with the web site, for example.
Any help is greatly appreciated!
Michael Kjörling
- --
Michael Kjörling - [EMAIL PROTECTED] - PGP: 8A70E33E
Manager Wolf.COM -- Programmer -- Network Administrator
"We must be the change we wish to see" (Mahatma Gandhi)
^..^ Support the wolves in Norway -- go to ^..^
\/ http://home.no.net/ulvelist/protest_int.htm \/
***** Please only send me emails which concern me *****
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For my PGP key: http://michael.kjorling.com/contact/pgp.html
iD8DBQE7oN5TKqN7/Ypw4z4RAkUwAJ43lou3pPNOtuDYx4Rp2DP64Tj1KQCeI0Tn
EDoYeS++weIT3TWxp3PnkWA=
=4/7X
-----END PGP SIGNATURE-----
