RE: Here is my plan for firewall implementation

["Tong, Aaron" <aaron () hkpo hongkong ncr com>]

This is a good chance for me to learn more about building a firewall.  If   
you don't mind I would like to ask a few questions regarding the   
placement of your web server.  You mentioned you would have HTTP proxy on   
the firewall.  Where would you place your web server (behind the firewall   
or on the network between Internet connection and firewall)?  Which one   
is more secure?  Any suggestion are welcome.

Thanks in advance

Aaron Tong
Professional Service
NCR (Hong Kong) Ltd.
Tel: (852) 2859 6913
Fax: (852) 2506 4436
E-mail: aaron.tong () hongkong ncr com

 ----------
From:   owner-firewall-wizards[SMTP:owner-firewall-wizards () nfr net]
Sent:   Friday, September 19, 1997 7:30 PM
To:     firewall-wizards; fwtk-user
Subject:        Here is my plan for firewall implementation

part1 (text/plain)
 ------------------------------

Hello All,
  Here is my plan for implementating a firewall at my site and I would   
like
to hear some comments on the goods and bads.
  Here are the systems to be protected as we speak.  1 Novell 3.12 file
server, 1 NT 4.0 Server running as a PDC and MS Exchange Server, 1 NT 4.0
Server running as BDC.  85 Windows for Workgroups 3.X workstations   
running
MS Office Professional 4.3, MS Exchange for both internal and internet
e-mail supporting 160 users.
  My plan is to build a Pentium 133 with 32 MB RAM with 540 MB Hard Drive
running Linux Slackware using kernel 2.0.30 and TIS Firewall Toolkit 2.0.
I plan to use the SMTP, HTTP, TELNET, and FTP proxies from the FWTK and   
set
up a fake DNS on this machine.
  I will build another Linux computer to act as the internal DNS that   
will
forward all queries it cannot answer to the firewall and then forward
answers back to the systems that asked.  It will also be my network
monitoring station and the station the I xfer all update to my external   
web
and ftp servers.
  My default policy will be to deny all unless otherwise permitted.  I am
trying to protect the information as we deal with government contracts   
but
still need access to the internet to look up data and exchange   
information
with other contractors.
Thanks,

Jim Raykowski
San Diego, CA
jimrski () cts com



The following binary file has been uuencoded to ensure successful
transmission.  Use UUDECODE to extract.

begin 600 WINMAIL.DAT
M>)\^(B($`0:0"``$```````!``$``0>0!@`(````Y`0```````#H``$(@`<`
M&````$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`0V`!``"`````@`"``$$
M@`$`,````%)%.B!(97)E(&ES(&UY('!L86X@9F]R(&9I<F5W86QL(&EM<&QE
M;65N=&%T:6]N`"41`06``P`.````S0<)`!<`#``;`!P``@`Y`0$@@`,`#@``
M`,T'"0`7``L`"``#``(`#`$!"8`!`"$````R034R.#1!-$9%,S-$,3$Q.$5#
M-3`P,C!!1C,Y-39%-@`3!P$#D`8`*`@``!(````+`",```````,`)@``````
M"P`I```````#`"X```````,`-@``````0``Y`$!.*P#9Q[P!'@!P``$````P
M````4D4Z($AE<F4@:7,@;7D@<&QA;B!F;W(@9FER97=A;&P@:6UP;&5M96YT
M871I;VX``@%Q``$````6`````;S'V0`BI(12+3/^$=&.Q0`@KSE6Y@```P`&
M$'5A\QT#``<0M08``!X`"!`!````90```%1(25-)4T%'3T]$0TA!3D-%1D]2
M34543TQ%05).34]214%"3U540E5)3$1)3D=!1DE215=!3$Q)1EE/541/3E1-
M24Y$25=/54Q$3$E+151/05-+049%5U%515-424].4U)%1T$``````@$)$`$`
M``"Y!@``M08``-D+``!,6D9U%-BA&_\`"@$/`A4"I`/D!>L"@P!0$P-4`@!C
M:`K`<V5T[C(&``;#`H,R`\8'$P*#QC,$UPA0;6EC!@0%X(T"@S0#Q0(`<')Q
M$B!U$X@U$PU]"H`(SPG9._$93S(U-0*`"H$-L0M@X&YG,3`S%"`+"A+R10P!
M8P!`(%1H!``@H1Y182!G;P1P(!&Q<&YC92`"$`7`!X`@X'1O(&QE"L`#H`1@
MEQE0'J`&X'4%0&)U`Q!*9`N`9QZA9FD94'<!!T!L+B`@268@TGD(8"!D`B`G
M!4`4X.)N'P!)('<(8"%P("#$:6L?XV%S:R'"!]'B<0I0<W1I`B`$(!E0YF<+
M$2&2=&@?<`M1'V`S!X`","!O(K,%P'=E9&(@$?!R=@20(G%9_R+A)S(EL0F`
M(L,CY!'`*'!@($A45%`FT`-@>-YY)W`#H":B(?E7)K`@L0\CY"+2)N,GKB`H
M8F5_'D`CD2N*)W`%P"M5*7!T_2/@<B3@+N`PX`GA(I`",-\$D1(`'Q`"("EP
M8R6B'J"S(Y$A]BD_+%(4\&@K0:\?<!Y1(),1\&,(<&4ST81!;BLP<W5G9R6$
MLQZ@+*)E;`6@!X`N"H4W"H4>,`!P:QYA,N%D=EL?0C=L00K`*U%4`B!G_0J%
M4`-@)2`$$"6Q!T`&4D9V%/`Y1DY#4B[`2`DZH2!+.J$I($QT*F0W5E0V\#HN
MP#@U"C(]T#(_`#D@-CE$,3,*A49A>#[7-8`P-B`T-#,V"H5<12T`P`,0/M!A
M.D(N4R``'%!`:#JA:SJA+C\?4"B0-Q$W;`KT)$`Q..(P`M%I+3%!4`WP#-#S
M1A,+63$V"J`#8#'@,J!\("U(-PJ'1NL,,$>V1K\#83[01L]'U`R")W!W*7!4
M<BTA]BT#\'H+$7-H6U--*L`Z3/].`T#N;@-00[`2`%U(WTGM!F`/`C!+'TPK
M2M!I9&%Y/BP&404P)R`NX`7`,3D#52!5X#DW(#<Z,_HP.S!-4*])[3J04N],
M*P5-7CL?@'=T:RUUQRA!5N]1OG5B:C*160_]3"M(+)(THBLP"U$#H!^2[R^7
M!W`+4"<C826B1#]%0[]!<$:W%W(,`4>V"K%T'A"B*#'@>'0O"U,I"H5_2#AH
MOTBH"H5@X")0(!!!_2)0+`J%(H!@[P6Q8KHAJ_<>H"-1-=%I,>`R\R/*"H6W
M(`$FL`K!<S<A,D%M)S)?!"`K51[2'I$CD6(XX'//-U9K]3:B)J)S>260)R#_
M!"`@`2[@*N)'XBF!),`G\34H,'`@0&LB<1X03F_C*'`O\3,N,1(@(?`@,*\*
MA2A$5@$'L%1!0"Y6H',\$BZA<G4R<"&3'I)0S$1#,O,%X45X'R(V(,]Z)7F(
M"H5Z/R!">X`B<;\_`"Q@(X%.L`0@'Y)7,0';"<`(8'`$('@@6"/1,1"_)9!C
M0R7A>K0*A07A3PW0]SQ1.SQY\#-5('OZ'Y(&X/\FH#BA,>([X3,"AD02``J%
MYF5"$S7A<'`8\2&21X#W5J!<4G.Y36%U'E%ULB%2\WM"*2)U;570')`CT&]@
M)31`,Q(@34('\$%-+8QD-48PC.)("Q$@1"\%$"AP"H5ZIDP+@'5X^P8`)O%K
M(C`@L5Q0(9(D8'LR`0,@,GH`A+!6H#,"5+I)!?!&+Z8ZD`;P:V]@_Y%S"H4C
MP&&3(`%<42:33F('52`JHE4@5$5,3D7V5%4@,P)&*L4(D(`Q`V'A)I-&5U1+
M,O,1\0J%SX$`(<)W0!]P1$X%\"M3_S2B`-`O`3='(H&,82_QBS7>;H8!+J&/
MM#<1<"$0+J'_)))(`7:Q)J*&1YGR)J!N\?^;X@J%'Y&087:1+_$E80B!_QYA
M,C$`<)RA,O$#X)W4+UO_,P(FH6'#H.(*A:*4!"!S@/^00*+V=3>?PB3!"8`B
M<I_D_Z$A<9!UTF%A,,4*A01@`P#_(``%$"&A@<6C]JJW)J(CP/YX)2"E42_Q
M@0!4\&]Q(`&_86%G$89T*`&E!S,A=)E@]RA$B:P-L6$D`&9Q!O`4\+\K,)OD
M'^,-L#7!K/-N(##_!!&<LP/Q)L$$D!3@`D"GM.,>H$0F=')Y)F,@$$>V_YZD
M'Y$`P#*T=L,-L*YBC(+['M`H<6XG,S)1M:">,:71OR$0>+8EH"_Q*7!V@F,?
M8/\$$:,%AQ8?\Q[@)."94:U1_QZP,P)G$'Q%MPD*A8QSG+2_N78%L'.W.$1K
M=@J%2@=P?P?P50!#<(`@DT!]M@.11*<(D![052!#00J%:@=P^Q'@DT!`N=%#
M_V/_90@=A1='M@J%&'$`RH`````#`!`0``````,`$1``````0``',(`@SN?-
MQ[P!0``(,(`@SN?-Q[P!'@`]``$````%````4D4Z(``````#``TT_3<``'VZ
`
end