[ale] slightly OT: network structure

Glenn C. Lasher Jr. glasher at nycap.rr.com
Thu Feb 14 06:48:08 EST 2002



Connect the WindBlows box to a remote power switch.  Give control of this
switch to one of your DMZ boxen that should never see traffic from the
WindBlows box, and script it so that if it DOES see such traffic (and it
can look for other patterns too, if you want), it will pull the switch
with no further warning.


On Wed, 13 Feb 2002, Chris Fowler wrote:

> Easy,
>
> Make him sign a waiver that states:
>
> "If your machine ever becomes the center for a hack into the
> network, or in any way involved in a hack, the network cable
> will be disconnected indefinitely"
>
> Of course word it much better than that.
>
>
> Chris
>
>
> -----Original Message-----
> From: Charles Marcus [mailto:CharlesM at Media-Brokers.com]
> Sent: Wednesday, February 13, 2002 5:46 PM
> To: Ale (E-mail)
> Subject: RE: [ale] slightly OT: network structure
>
>
> The only potential issue I can think of is, since it's a Windows box, and
> much more prone to DoS attacks and such, if it did get compromised, it could
> kill your bandwidth...
>
> What services will it be running?
>
> Charles
>
> > -----Original Message-----
> > From: jenn at colormaria.com [mailto:jenn at colormaria.com]
> > Sent: Wednesday, February 13, 2002 5:05 PM
> > To: ale at ale.org
> > Subject: [ale] slightly OT: network structure
> >
> >
> > I've been asked to put a Win2000 box that I will not manage in my
> > cabinet at our co-lo facility.  I'm considering putting this box in my
> > DMZ with my email and DNS servers and I'm wondering if anyone who has
> > managed a mixed-environment network could help me ensure that, should
> > this machine run amok, it won't hurt my other boxen?
> >
> > I have a linux box acting as a gateway between the co-lo network and my
> > DMZ.  The DMZ servers all run iptables firewalls, have unnecessary
> > services turned off, and are as securely set up as I can make them.  In
> > the DMZ is a firewall/NAT machine that protects some other servers.  Is
> > this enough to protect my DMZ machines should the windows box get
> > compromised in some way?  Should I put it on my private network and run
> > NAT for its services?  I've considered also replacing the initial linux
> > gateway with a cisco or other brand managed switch, and attempting some
> > sort of vlan, but I'm not convinced this would make things better...and
> > be a learning curve to boot.
> >
> > What do you folks do in a situation like this?  The admin for this
> > machine has already agreed to follow the NSA guidelines for locking down
> > a windows machine, and anything else I can find for him.  All help is,
> > as always, appreciated.
> >
> > TIA
> > jenn
> >
> >
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info.
> > Problems should be
> > sent to listmaster at ale dot org.
> >
>

-- 
glasher at nycap.rr.com
You've been programmed by the Illuminati not to see the word "".
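
The tripwire described at the top of this message, as an added example that is not part of the original post: it reads netfilter LOG-target kernel lines on the watching DMZ host and fires a power-cut action once, on the first unicast packet from the Windows box. The addresses, the `TRIP` log prefix, the sample lines and the `cut_power` callable (a stand-in for whatever command drives the remote power switch) are assumptions; ignoring same-segment broadcasts is also an added assumption.

```python
import re

# Assumed addresses (documentation range), not from the original thread.
WINDOWS_BOX = "192.0.2.50"   # the unmanaged Win2000 machine
WATCHER = "192.0.2.10"       # this DMZ host, which should never hear from it

# netfilter LOG-target lines carry KEY=value pairs; pick the ones we need.
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S*)")

def parse(line):
    """Return the SRC/DST/PROTO/DPT fields of one kernel log line."""
    return dict(FIELD.findall(line))

class Tripwire:
    """Calls cut_power once, on the first packet from the watched host."""
    def __init__(self, cut_power, watched=WINDOWS_BOX, me=WATCHER):
        self.cut_power, self.watched, self.me = cut_power, watched, me
        self.tripped = False

    def feed(self, line):
        pkt = parse(line)
        # Broadcasts on a shared segment (e.g. NetBIOS name service) also
        # reach this host; only unicast aimed at the watcher is a trip.
        if pkt.get("SRC") != self.watched or pkt.get("DST") != self.me:
            return False
        if not self.tripped:          # pull the switch only once
            self.tripped = True
            self.cut_power(pkt)
        return True

# Constructed sample lines in netfilter LOG format (MAC field omitted).
HDR = "Feb 14 06:40:0%d dmz1 kernel: TRIP IN=eth0 OUT= "
SAMPLE = [
    HDR % 1 + "SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=25",
    HDR % 2 + "SRC=192.0.2.50 DST=192.0.2.255 PROTO=UDP SPT=137 DPT=137",
    HDR % 3 + "SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP SPT=1045 DPT=22",
    HDR % 4 + "SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP SPT=1046 DPT=25",
]

def run_sample():
    """Feed SAMPLE through a tripwire; return per-line hits and actions."""
    actions = []                      # records calls instead of cutting power
    trip = Tripwire(actions.append)
    return [trip.feed(line) for line in SAMPLE], actions

if __name__ == "__main__":
    print(run_sample())
```

In use, `feed` would be called on each new line of the kernel log, and `cut_power` would run the power switch's own control command.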

