Firewall Wizards mailing list archives
RE: Here is my plan for firewall implementation
From: "Tong, Aaron" <aaron () hkpo hongkong ncr com>
Date: Tue, 23 Sep 1997 12:30:00 PDT
This is a good chance for me to learn more about building a firewall. If you don't mind I would like to ask a few questions regarding the placement of your web server. You mentioned you would have HTTP proxy on the firewall. Where would you place your web server (behind the firewall or on the network between Internet connection and firewall)? Which one is more secure? Any suggestion are welcome. Thanks in advance Aaron Tong Professional Service NCR (Hong Kong) Ltd. Tel: (852) 2859 6913 Fax: (852) 2506 4436 E-mail: aaron.tong () hongkong ncr com ---------- From: owner-firewall-wizards[SMTP:owner-firewall-wizards () nfr net] Sent: Friday, September 19, 1997 7:30 PM To: firewall-wizards; fwtk-user Subject: Here is my plan for firewall implementation part1 (text/plain) ------------------------------ Hello All, Here is my plan for implementating a firewall at my site and I would like to hear some comments on the goods and bads. Here are the systems to be protected as we speak. 1 Novell 3.12 file server, 1 NT 4.0 Server running as a PDC and MS Exchange Server, 1 NT 4.0 Server running as BDC. 85 Windows for Workgroups 3.X workstations running MS Office Professional 4.3, MS Exchange for both internal and internet e-mail supporting 160 users. My plan is to build a Pentium 133 with 32 MB RAM with 540 MB Hard Drive running Linux Slackware using kernel 2.0.30 and TIS Firewall Toolkit 2.0. I plan to use the SMTP, HTTP, TELNET, and FTP proxies from the FWTK and set up a fake DNS on this machine. I will build another Linux computer to act as the internal DNS that will forward all queries it cannot answer to the firewall and then forward answers back to the systems that asked. It will also be my network monitoring station and the station the I xfer all update to my external web and ftp servers. My default policy will be to deny all unless otherwise permitted. I am trying to protect the information as we deal with government contracts but still need access to the internet to look up data and exchange information with other contractors. Thanks, Jim Raykowski San Diego, CA jimrski () cts com The following binary file has been uuencoded to ensure successful transmission. Use UUDECODE to extract. begin 600 WINMAIL.DAT M>)\^(B($`0:0"``$```````!``$``0>0!@`(````Y`0```````#H``$(@`<` M&````$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`0V`!``"`````@`"``$$ M@`$`,````%)%.B!(97)E(&ES(&UY('!L86X@9F]R(&9I<F5W86QL(&EM<&QE M;65N=&%T:6]N`"41`06``P`.````S0<)`!<`#``;`!P``@`Y`0$@@`,`#@`` M`,T'"0`7``L`"``#``(`#`$!"8`!`"$````R034R.#1!-$9%,S-$,3$Q.$5# M-3`P,C!!1C,Y-39%-@`3!P$#D`8`*`@``!(````+`",```````,`)@`````` M"P`I```````#`"X```````,`-@``````0``Y`$!.*P#9Q[P!'@!P``$````P M````4D4Z($AE<F4@:7,@;7D@<&QA;B!F;W(@9FER97=A;&P@:6UP;&5M96YT M871I;VX``@%Q``$````6`````;S'V0`BI(12+3/^$=&.Q0`@KSE6Y@```P`& M$'5A\QT#``<0M08``!X`"!`!````90```%1(25-)4T%'3T]$0TA!3D-%1D]2 M34543TQ%05).34]214%"3U540E5)3$1)3D=!1DE215=!3$Q)1EE/541/3E1- M24Y$25=/54Q$3$E+151/05-+049%5U%515-424].4U)%1T$``````@$)$`$` M``"Y!@``M08``-D+``!,6D9U%-BA&_\`"@$/`A4"I`/D!>L"@P!0$P-4`@!C M:`K`<V5T[C(&``;#`H,R`\8'$P*#QC,$UPA0;6EC!@0%X(T"@S0#Q0(`<')Q M$B!U$X@U$PU]"H`(SPG9._$93S(U-0*`"H$-L0M@X&YG,3`S%"`+"A+R10P! M8P!`(%1H!``@H1Y182!G;P1P(!&Q<&YC92`"$`7`!X`@X'1O(&QE"L`#H`1@ MEQE0'J`&X'4%0&)U`Q!*9`N`9QZA9FD94'<!!T!L+B`@268@TGD(8"!D`B`G M!4`4X.)N'P!)('<(8"%P("#$:6L?XV%S:R'"!]'B<0I0<W1I`B`$(!E0YF<+ M$2&2=&@?<`M1'V`S!X`","!O(K,%P'=E9&(@$?!R=@20(G%9_R+A)S(EL0F` M(L,CY!'`*'!@($A45%`FT`-@>-YY)W`#H":B(?E7)K`@L0\CY"+2)N,GKB`H M8F5_'D`CD2N*)W`%P"M5*7!T_2/@<B3@+N`PX`GA(I`",-\$D1(`'Q`"("EP M8R6B'J"S(Y$A]BD_+%(4\&@K0:\?<!Y1(),1\&,(<&4ST81!;BLP<W5G9R6$ MLQZ@+*)E;`6@!X`N"H4W"H4>,`!P:QYA,N%D=EL?0C=L00K`*U%4`B!G_0J% M4`-@)2`$$"6Q!T`&4D9V%/`Y1DY#4B[`2`DZH2!+.J$I($QT*F0W5E0V\#HN MP#@U"C(]T#(_`#D@-CE$,3,*A49A>#[7-8`P-B`T-#,V"H5<12T`P`,0/M!A M.D(N4R``'%!`:#JA:SJA+C\?4"B0-Q$W;`KT)$`Q..(P`M%I+3%!4`WP#-#S M1A,+63$V"J`#8#'@,J!\("U(-PJ'1NL,,$>V1K\#83[01L]'U`R")W!W*7!4 M<BTA]BT#\'H+$7-H6U--*L`Z3/].`T#N;@-00[`2`%U(WTGM!F`/`C!+'TPK M2M!I9&%Y/BP&404P)R`NX`7`,3D#52!5X#DW(#<Z,_HP.S!-4*])[3J04N], M*P5-7CL?@'=T:RUUQRA!5N]1OG5B:C*160_]3"M(+)(THBLP"U$#H!^2[R^7 M!W`+4"<C826B1#]%0[]!<$:W%W(,`4>V"K%T'A"B*#'@>'0O"U,I"H5_2#AH MOTBH"H5@X")0(!!!_2)0+`J%(H!@[P6Q8KHAJ_<>H"-1-=%I,>`R\R/*"H6W M(`$FL`K!<S<A,D%M)S)?!"`K51[2'I$CD6(XX'//-U9K]3:B)J)S>260)R#_ M!"`@`2[@*N)'XBF!),`G\34H,'`@0&LB<1X03F_C*'`O\3,N,1(@(?`@,*\* MA2A$5@$'L%1!0"Y6H',\$BZA<G4R<"&3'I)0S$1#,O,%X45X'R(V(,]Z)7F( M"H5Z/R!">X`B<;\_`"Q@(X%.L`0@'Y)7,0';"<`(8'`$('@@6"/1,1"_)9!C M0R7A>K0*A07A3PW0]SQ1.SQY\#-5('OZ'Y(&X/\FH#BA,>([X3,"AD02``J% MYF5"$S7A<'`8\2&21X#W5J!<4G.Y36%U'E%ULB%2\WM"*2)U;570')`CT&]@ M)31`,Q(@34('\$%-+8QD-48PC.)("Q$@1"\%$"AP"H5ZIDP+@'5X^P8`)O%K M(C`@L5Q0(9(D8'LR`0,@,GH`A+!6H#,"5+I)!?!&+Z8ZD`;P:V]@_Y%S"H4C MP&&3(`%<42:33F('52`JHE4@5$5,3D7V5%4@,P)&*L4(D(`Q`V'A)I-&5U1+ M,O,1\0J%SX$`(<)W0!]P1$X%\"M3_S2B`-`O`3='(H&,82_QBS7>;H8!+J&/ MM#<1<"$0+J'_)))(`7:Q)J*&1YGR)J!N\?^;X@J%'Y&087:1+_$E80B!_QYA M,C$`<)RA,O$#X)W4+UO_,P(FH6'#H.(*A:*4!"!S@/^00*+V=3>?PB3!"8`B M<I_D_Z$A<9!UTF%A,,4*A01@`P#_(``%$"&A@<6C]JJW)J(CP/YX)2"E42_Q M@0!4\&]Q(`&_86%G$89T*`&E!S,A=)E@]RA$B:P-L6$D`&9Q!O`4\+\K,)OD M'^,-L#7!K/-N(##_!!&<LP/Q)L$$D!3@`D"GM.,>H$0F=')Y)F,@$$>V_YZD M'Y$`P#*T=L,-L*YBC(+['M`H<6XG,S)1M:">,:71OR$0>+8EH"_Q*7!V@F,? M8/\$$:,%AQ8?\Q[@)."94:U1_QZP,P)G$'Q%MPD*A8QSG+2_N78%L'.W.$1K M=@J%2@=P?P?P50!#<(`@DT!]M@.11*<(D![052!#00J%:@=P^Q'@DT!`N=%# M_V/_90@=A1='M@J%&'$`RH`````#`!`0``````,`$1``````0``',(`@SN?- MQ[P!0``(,(`@SN?-Q[P!'@`]``$````%````4D4Z(``````#``TT_3<``'VZ ` end
Current thread:
- Re: Here is my plan for firewall implementation, (continued)
- Re: Here is my plan for firewall implementation Craig Brozefsky (Sep 21)
- Re: Here is my plan for firewall implementation Marcus J. Ranum (Sep 21)
- Re: Here is my plan for firewall implementation Craig Brozefsky (Sep 22)
- NCSA's RECON Service Adept (Sep 22)
- Re: Here is my plan for firewall implementation Joseph S. D. Yao (Sep 22)
- Re: Here is my plan for firewall implementation Adam Shostack (Sep 22)
- Re: Here is my plan for firewall implementation Paul D. Robertson (Sep 23)
- Re: Here is my plan for firewall implementation Alfred Huger (Sep 24)
- Re: Here is my plan for firewall implementation Marcus J. Ranum (Sep 21)
- Re: Here is my plan for firewall implementation Craig Brozefsky (Sep 21)