Date: Sun, 12 Aug 2001 22:30:30 -0600 (MDT) From: John Galt <galt@inconnu.isu.edu> To: =?iso-8859-1?q?Keith=20Spencer?= <bsd2000au@yahoo.com.au> Cc: Tabor Kelly <pdxmax@dsl-only.net>, fbsd <freebsd-questions@FreeBSD.ORG> Subject: Re: Separate firewall or not? Message-ID: <Pine.LNX.4.33.0108122228390.14442-100000@inconnu.isu.edu> In-Reply-To: <20010810004637.15724.qmail@web12004.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 10 Aug 2001, Keith Spencer wrote: >Hi Tabor, >Thanks! If I don't remove the compiler can I restrict >it? Can I stop shell accounts? #chown root path/to/gcc #chmod 700 path/to/gcc #rm path/to/adduser >Do I put DNS on the firewall or behind it? >Thanks >keith > >--- Tabor Kelly <pdxmax@dsl-only.net> wrote: > IMHO >you should use a separate firewall. I wouldn't >> take your compiler >> off of it, it makes certain tasks very difficult >> (like building a new >> kernel). >> >> Personally, I leave one thing on my firewall: sshd. >> >> There are many reasons not to use a normal server as >> a firewall, one >> large one is that, you only need 2 accounts on a >> firewall: root, and >> one user account. On a webserver you frequently have >> many, many >> account, all of which can be used against you! >> >> Note: I am not a network security expert, though I >> like to pretend >> that I know a little bit about security. >> >> On Thursday, August 09, 2001, 4:57:28 PM, Keith >> wrote: >> >> Hi all, >> sorry to repeat but I am in the middle of an urgent >> anti-hacking rebuild. >> Should I build a separate preimeter firewall machine >> with only that on it...restrict/remove compilers etc >> (how do I do that?) and have the router/dns/web/wail >> server inside the perimeter. >> OR >> should I simply put IPFW on the router/dns/web/mail >> server? >> Any ideas guys? >> Tjhanks >> Keith >> >> >_____________________________________________________________________________ >> http://shopping.yahoo.com.au - Father's Day Shopping >> - Find the perfect gift for your Dad for Father's >> Day >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of >> the message >> >> > >_____________________________________________________________________________ >http://shopping.yahoo.com.au - Father's Day Shopping >- Find the perfect gift for your Dad for Father's Day > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > -- There is no problem so great that it cannot be solved with suitable application of High Explosives. Who is John Galt? galt@inconnu.isu.edu, that's who! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.33.0108122228390.14442-100000>