> I have thought about this, but the problem I see is that the
> web server or firewall has to write to some files (log files,
> temporary files, etc.) and separating out those directories
> that need to be written to during normal operation and those
> that do not is no small task. It's particularly hard if you
> have only 1 disk and can only "read only mount" the partition
An extra disk for log files costs about $100 installed (for 150M).
Read-only partitions are foolish - use read-only disks. If $200 is more
than the security of your W3 server is worth, you should probably not
worry about securing it.
> that you want to be read only. If I could; I'd burn a CD-ROM
> with everything on my web server that can be read-only and
> boot off of that. The day it's easy to separate out what can
> be read-only is the day I'll implement my system that way. If
Well - a CD-ROM writer costs about $1800, and each writable CD is under
$20 in quantity small. If $2,000 ...
> you have already figured all this out, would you be willing
> to share this knowledge?
Considering the time you have already spent in this discussion, you may
have been able to save the company money by implementing this in the
beginning ... but you didn't know this before, and besides, the company
almost certainly thinks that a day or two of your time is worth far less
than the burdened cost associated with it. Two different kinds of money;
equipment (each dollar is worth an hour of employee time) and people (we
pay for it anyway, so why not waste it trying to save a dollar).
--
-> See: Info-Sec Heaven using our New Super Secure World-Wide-Web Server
-> Free: Test your system's security (scans deeper than SATAN or ISS!)
---------------------- both at URL: http://all.net ----------------------
-> Read: "Protection and Security on the Information Superhighway"
John Wiley and Sons, 1995 ISBN 0-471-11389-1, 320 pp, $24.95
-------------------------------------------------------------------------
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
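The separation problem raised in the quoted text, as an added example that is not part of the original post: a POSIX shell audit that lists which directories actually receive writes during a normal-operation window and flags any write outside the ones you intend to keep writable, so the rest of the tree can go on a read-only mount or disk. The function names, the constructed demo tree and the timestamps are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: audit which directories of a
# server tree are actually written during normal operation, so everything
# else can live on a read-only mount (or disk). Assumes POSIX sh plus
# find(1), touch(1) and mktemp(1); paths and names below are constructed.

# Print each directory holding a file modified after MARKER, once.
writable_dirs() {
    find "$1" -type f -newer "$2" -exec dirname {} \; | sort -u
}

# Print directories written after MARKER that are not under one of the
# allowed writable directories given as the remaining arguments.
unexpected_writes() {
    root="$1"; marker="$2"; shift 2
    writable_dirs "$root" "$marker" | while read -r dir; do
        ok=0
        for allowed in "$@"; do
            case "$dir" in "$allowed"|"$allowed"/*) ok=1 ;; esac
        done
        if [ "$ok" -eq 0 ]; then echo "$dir"; fi
    done
}

# Constructed demo tree: static content installed before the observation
# window, then "operation" writes to logs, tmp and one stray counter file.
demo() {
    base=$(mktemp -d)
    mkdir -p "$base/htdocs/cgi-bin" "$base/logs" "$base/tmp"
    echo "<h1>static</h1>" > "$base/htdocs/index.html"
    touch -t 199901010000 "$base/htdocs/index.html"   # installed long ago
    touch -t 200001010000 "$base/.marker"             # start of window
    echo "GET /index.html" >> "$base/logs/access_log"
    echo "session" > "$base/tmp/sess_1"
    echo "42" > "$base/htdocs/cgi-bin/counter.dat"     # write nobody planned
    # Strip the temp prefix so results are stable; only the stray write
    # outside logs/ and tmp/ should be reported.
    unexpected_writes "$base" "$base/.marker" "$base/logs" "$base/tmp" \
        | sed "s#^$base##"
    rm -rf "$base"
}
```

Run the audit against a real tree by touching a marker file, letting the server serve normal traffic for a while, then calling `unexpected_writes ROOT MARKER LOGDIR TMPDIR`; an empty result means the remaining directories can be mounted read-only.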