[ale] slightly OT: network structure
Chris Fowler
cfowler at outpostsentinel.com
Wed Feb 13 17:49:37 EST 2002
Easy,
Make him sign a waiver that states:
"If your machine ever becomes the center for a hack into the
network, or is in any way involved in a hack, the network cable
will be disconnected indefinitely"
Of course word it much better than that.
Chris
-----Original Message-----
From: Charles Marcus [mailto:CharlesM at Media-Brokers.com]
To: ale at ale.org
Sent: Wednesday, February 13, 2002 5:46 PM
To: Ale (E-mail)
Subject: RE: [ale] slightly OT: network structure
The only potential issue I can think of is, since it's a Windows box, and
much more prone to DoS attacks and such, if it did get compromised, it could
kill your bandwidth...
What services will it be running?
Charles
> -----Original Message-----
> From: jenn at colormaria.com [mailto:jenn at colormaria.com]
> Sent: Wednesday, February 13, 2002 5:05 PM
> To: ale at ale.org
> Subject: [ale] slightly OT: network structure
>
>
> I've been asked to put a Win2000 box that I will not manage in my cabinet at
> our co-lo facility. I'm considering putting this box in my DMZ with my
> email and DNS servers and I'm wondering if anyone who has managed a
> mixed-environment network could help me ensure that, should this machine run
> amok, it won't hurt my other boxen?
>
> I have a linux box acting as a gateway between the co-lo network and my DMZ.
> The DMZ servers all run iptables firewalls, have unnecessary services turned
> off, and are as securely set up as I can make them. In the DMZ is a
> firewall/NAT machine that protects some other servers. Is this enough to
> protect my DMZ machines should the windows box get compromised in some way?
> Should I put it on my private network and run NAT for its services? I've
> considered also replacing the initial linux gateway with a cisco or other
> brand managed switch, and attempting some sort of vlan, but I'm not
> convinced this would make things better...and be a learning curve to boot.
>
> What do you folks do in a situation like this? The admin for this machine
> has already agreed to follow the NSA guidelines for locking down a windows
> machine, and anything else I can find for him. All help is, as always,
> appreciated.
>
> TIA
> jenn
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info.
> Problems should be
> sent to listmaster at ale dot org.
>