Great Circle Associates Firewalls
(August 1996)
 


Subject: Firewall _and_ webserver?
From: moore @ lwc-eirec . go . jp (James H. Moore)
Date: Thu, 22 Aug 1996 16:08:28 +0900
To: Firewalls @ greatcircle . com

Normally I lurk (and research) for quite a while before posting a question
to a mailing list, but I'm quite pressed for time, and would like as much
info as soon as possible.  Forgive me if this newbie question is "beneath"
most of you.

It's probably not too wise to detail our firewall setup here, but it's kind
of hard to ask my question without revealing anything.

Ideally, we would like to have a webserver, DNS, and perhaps an anonymous
ftp site located externally to a firewall machine and the internal network.

[               ]
[ Webserver/DNS ]
[               ]
    |
    |
[        ]                [              ]              {                  }
[ router ]----------------[  FW Machine  ]--------------{ Internal Network }
[        ]    (IP:X.X.X.X)[ (pckt fltrg) ](IP:X.X.X.Y)  {                  } 
    |
    |
{          }
{ INTERNET }
{          }

Due to lack of funds at the moment, it has been suggested that we make the
firewall machine a website and minimum DNS as well.

{          }              [ Website/DNS  ]              {                  }
{ INTERNET }--------------[  FW Machine  ]--------------{ Internal Network }
{          }  (IP:X.X.X.X)[ (pckt fltrg) ](IP:X.X.X.Y)  {                  }

The first method is more "secure" for obvious reasons, but just how risky
is the second method?  Have there been documented attacks through whatever
ports required for web and DN services?  What kind of damage, if any, can
be done using only the aforementioned ports?

Any answers/thoughts/comments are appreciated.  Thanks in advance.


- James

P.S.  Is it customary on this mailing list for people to answer directly to
me and then post a summary?  Let me know!


--
James H. Moore                             Rosai Rehab. Engineering Center
Research Engineer                                  1-10-5 Komei, Minato-ku
moore @ lwc-eirec . go . jp                              Nagoya 455, Japan

