I'm looking for some information about how to hook up to the internet
and the risks of doing so. Basically, I have three questions:
- What are the risks of connecting to the internet with a firewall?
- What recommendations do people have for firewall connections?
- What do people generally do about ftp access across their firewall?

I'm looking for some way to quantify the risk of an ethernet connection
to the internet. I was hoping CERT could provide me with statistics
about how many of different general configurations were broken into,
but they do not keep those statistics. Does anyone have a way to
quantify the risk of connecting to the internet with a well thought out
firewall?

I am looking for recommendations on how to set up a firewall. I have
Practical Unix Security by Garfinkel and Spafford and I have been
reading the discussion of this group (I've worked my way back to most
of November now). There are a number of people who believe we should
only have a serial line connection to the internet, so I am looking at
an as-secure-as-practical ethernet connection to the internet. I
understand the set up of the UNIX firewall and the use of a filtering
router. I'm a bit fuzzy on a perimeter network (I understand the goal,
but don't understand why the separate C class address is needed). I
understand the use of TCP Wrapper, COPS, and ISS. If there are other
tools for securing the connection please send me mail about them. Any
suggestions about how to use these tools to put together the most
secure connection would also be appreciated.

Finally, I am interested in the ftp problem which has been talked
about. Do people generally just let the data connections for the
second channel through or is there another solution besides the passive
mode? Assuming I don't have control over remote ftpd programs, is
there a way to control the risk of these data connections?

I would appreciate any information which I can get. Please email to me
at timg @ ileaf . com.
Thank you.