Re: [SLUG] Network Problem

[mkraus]

G'day....

Ok... more of a security than linux issue...

The way you described leaves your web server overly exposed - better to place it in a DMZ.


Internet  ----------  ADSL router/modem  ----------  Firewall  ----------  Internal Network
                                                        |
                                                        |
                                                        |
                                                    Web Server


Note that your web server and internal network exist on two different network segments, with the firewall controlling access.


An even more secure setup would be as follows:


Internet ------ ADSL router/modem ------ Firewall ------ Web Server ------ Firewall ------ Internal Network


Where your two firewalls are of different vendors.




Warmest regards

Mike
---
Michael S. E. Kraus
Network Administrator
Capital Holdings Group (NSW) Pty Ltd
p: (02) 9955 8000

moise lim <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 25/06/2003 03:01 PM

To:        Sydney LUG <[EMAIL PROTECTED]>         cc:                 Subject:        Re: [SLUG] Network Problem

On Wednesday 25 June 2003 11:07 am, El 4Love wrote:
> i was only involved in programming  on machines setup by administrators
> all this while and now only I managed to setup my own network at home.
>
> I am certainly not aware of many of the security related issues. I would
> appreciate if someone could let me know how bad the security is in my
> network, and suggestions to rectify it.

well... i m no expert on network security and i can only go by what i have
come across in my readings ...

my understanding is that a more secure setup is probably

                                          --------
                                          Internet
                                          --------
                                             /
                                             /
                                          -------
                                          ADSL
                                          -------
                                             /
                                             /
                                          ---------
                                          Web svr
                                          ---------
                                             /
                                             /
                                          ---------
                                          Firewall
                                          ---------
                                             /
                                             /
                                          --------------
                                          My Network
                                          --------------

as i do not have a publicly accessed web svr myself .. i am simply guessing at
the above topology ... and i m happy to be corrected by those more familiar
with such matters :)

i have seen previously from one of the other postings where a firewall was
installed between the ADSL and Web Svr as well
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug