Date: Fri, 20 Aug 1999 11:52:18 -0700 (PDT)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To: yurtesen@ispro.net.tr (Evren Yurtesen)
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: multiple machines in the same network
Message-ID: <199908201852.LAA24307@gndrsh.dnsmgr.net>
In-Reply-To: <37BD9E40.7B95E73E@ispro.net.tr> from Evren Yurtesen at "Aug 20, 1999 09:28:16 pm"

> Hello,
>
> We are an ISP and we want to let our customers put their own hardware
> into our network. But the thing we are concerned about is security of
> course. How can we protect our system from customers' machines?

I would strongly suggest that you place your customers on an ethernet
switch. Any of the modern 10/100 switches work well for this. Each
customer gets 1 port on the switch; if they have more than 1 machine
they install their own hub connected to the switch. This prevents them
from sniffing other customers' traffic.

Then you need to set up a router between this switch and your DMZ with
a firewall rule set that stops all the nasty stuff like RFC1918 nets,
smurf amplifier (block the broadcast addresses to all known subnets), etc.

>
> I have heard about something called "virtual network" but I am not sure
> of what it means and even if it is the thing I am searching for ?

You don't need VLANs for this, it's overkill.

--
Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
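
The firewall rule set described in the reply above, sketched as an added example that is not part of the original message: a script that prints ipfw(8) deny rules for RFC 1918 addresses and for the broadcast address of each customer subnet. The interface name and subnets are constructed placeholders, and denying the all-zeros network address as well goes slightly beyond the message, since some older stacks answer it as a broadcast.

```shell
#!/bin/sh
# Added example: prints ipfw(8) rules for the router between the customer
# switch and the DMZ. Nothing is applied; review the output, then pipe to sh.

CUST_IF="fxp1"                              # assumed: interface facing the customer switch
CUST_NETS="192.0.2.0/26 198.51.100.64/27"   # constructed: subnets routed to customers

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "network broadcast" for a CIDR block such as 192.0.2.0/26.
net_and_bcast() {
    addr=$(ip2int "${1%/*}"); len=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    net=$(( addr & mask ))
    bcast=$(( net | (mask ^ 0xFFFFFFFF) ))
    echo "$(int2ip "$net") $(int2ip "$bcast")"
}

gen_rules() {
    # RFC 1918 space must never appear as source or destination on this link.
    for priv in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        echo "ipfw add deny all from $priv to any via $CUST_IF"
        echo "ipfw add deny all from any to $priv via $CUST_IF"
    done
    # Smurf amplifier: drop packets addressed to each subnet's broadcast
    # address (and its all-zeros network address, an addition here).
    for cidr in $CUST_NETS; do
        for a in $(net_and_bcast "$cidr"); do
            echo "ipfw add deny all from any to $a"
        done
    done
}

gen_rules
```

These deny rules have to be loaded ahead of any rule that passes traffic, because ipfw stops at the first matching rule.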