Re: limit access to other LAN computers

[Hobbe <my1listmail () gmail com>]

Actually it all boils down to how secure do you need them to be ?
with that I mean how hard should it be for the linux maschines to
break out of their confinement ?
IF and i say IF you know what they are supposed to connect to and what
they are supposed to connect to is a small thing ie
ntp and such stuff then you actually can set some access-list rules in
the switches. (if you have cisco switches most of them support it)
however if they are supposed to run a samba server for all the windows
machines, well then you are pretty much screwed whatever you do.
so start with thinking the design through and how you are supposed to
use the system.
when you have a design, lockdown everything.
when you have locked down everything look at what needs to be open.
when you know what needs to be open, look at what that affects and
what can you do if you open that.
weigh pros and cons and see what you gain and what you loose by opening X.
in the end you will se what must be done for this setup in your system.

HTH

Hobbe



On Mon, Apr 26, 2010 at 9:15 PM, Tim Gonzales <tim.gonzales () gmail com> wrote:
> One way to achieve this might be to place the Linux machines into a
> DMZ.  You could then place a firewall between the DMZ and the rest of
> your network thus controlling what those machines have access to.  See
> below for more info:
>
> http://en.wikipedia.org/wiki/DMZ_(computing)
>
> You also might want to create restricted user accounts on the Linux
> machines and only give your clients the access required to do their
> jobs.  Also, don't give the clients accounts of any of the machines
> other than the ones they need to work on.
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------