Security Basics mailing list archives

RE: Question about firewalls.


From: "Daniel R. Miessler" <danielrm26 () hotmail com>
Date: Sat, 24 May 2003 01:27:31 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am about to move into a new apartment, and am taking the 
opportunity to rethink the way I have my private network set up.  

Given what you go on to describe in your post, I recommend you go
with a DMZ setup and separate your services from your firewall.  In
general, running public services like mail and web on the same box as
your firewall is a *bad* idea, but sometimes it's all you can do. 
Since you have other machines, however, I think it's time you get
away from that configuration.  The reason it's a bad idea to run
services on a firewall (especially mail and web) is because they are
the means by which machines are exploited, and once this has happened
they have your firewall and free rein of your network.

Check out my article on neworder.box.sk about setting up a DMZ - it
applies to your situation well.  
http://neworder.box.sk/newsread.php?newsid=7326

That configuration, with one box in the DMZ running your public
services, will give you a highly decent amount of security while
staying equally functional.  If you have any questions, let me know
and I'll try and help.

Regards,

- -danielrm26

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBPs8CulJwf7WiYT5vEQJQoQCggtNKpI7y7sEZiWQgIiHX4KBAS6YAmgO2
qlS4Ek+RQTSmRzFkERNq/4WL
=JxM3
-----END PGP SIGNATURE-----
