[NCLUG] Network configuration

[dobbster]

Quent wrote:
> 
> There are numerous approaches to firewalling.
> 
> Sean's modification (network cards are cheap) gives you a way to block
> everything but HTTP packets to the web server.
> 
> That's a lot more secure than the way I drew it, where the web server is
> wide open to the Internet and your only security is in packet filtering
> done on the web server itself.
> 
> With the 3 NIC design the firewall could block any traffic leaving the
> web server, so if the web server was cracked it couldn't be used to
> launch attacks on other machines or send spam and so on.
> 
> Another design is to have two packet filter boxes.  Replace the hub with
> another packet filter and put a hub between the two packet filters and
> call that LAN segment the DMZ.
> 
>         Quent

Got it!

I am having second thoughts about using my DSL line for our production
servers...  I was down for several hours last night, so I am questioning
the reliability.  However, it still seems a firewall would be a good
idea.

Mark (dobbster at frii.com)

P.S. I was planning to come to the next NCLUG meeting, but isn't that
election day?