Date: Mon, 26 Nov 2001 17:05:04 -0800 From: "Crist J. Clark" <cristjc@earthlink.net> To: Ahsan Ali <ahsan@khi.comsats.net.pk> Cc: security@FreeBSD.ORG Subject: Re: Best security topology for FreeBSD Message-ID: <20011126170503.C418@gohan.cjclark.org> In-Reply-To: <001901c057dc$c69b9300$0100a8c0@ahsanalikh>; from ahsan@khi.comsats.net.pk on Mon, Nov 27, 2000 at 12:12:06AM %2B0500 References: <20011125013812.9839.qmail@web10106.mail.yahoo.com> <200111242124560932.023F3386@home.24cl.com> <002801c17564$1b5e2a60$060aa8c0@pcgameauthority.com> <20011126001931.D222@gohan.cjclark.org> <001901c057dc$c69b9300$0100a8c0@ahsanalikh>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Nov 27, 2000 at 12:12:06AM +0500, Ahsan Ali wrote: > What would the ideal security model for an ISP with a lot of sites and > services hosted be? A traditional ISP does (and should do) almost no filtering between its peer points and its clients. An ISP should protect its administrative network (accounting, marketing, etc.) and external service servers (SMTP, POP, HTTP, Radius, etc.) pretty much like any other large business. Some of these, like a Radius server, are not really seen in many other businesses and have different requirements (it is accepting requests from ISP owned machines on ISP owned network, but the network must be considered hostile since the customers have "raw" access to it). In an ISP environment, you have to depend on hardening hosts a lot more since many are required to operate in very insecure environments. And you might want to fix that clock of yours. Or you seem to be existing in some kind of time warp. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011126170503.C418>