Security in a network..
Iakwbos Triantafillou
ewsforos at styx.irc.gr
Sun Feb 8 16:28:46 EET 2004
Karoto *Alpha Information* wrote:
>Greetings once again..
>I would like to ask whether, and why, in a business that needs
>security on its network, it is better for the firewall to be set up on a
>machine that will also run other services such as httpd, samba, nfs, or
>for it to be separate.. my very good friend (Gewrge Pasxos) mentioned
>gibraltar, which however, in ISO form, goes on a separate PC.. what do
>you think is better? A stand-alone firewall? Or a firewall with other
>goodies inside the PC??
>
>Life ain't a game
>Your Original! KAROTOR
>Respect!
>
>
Good evening.
What you are asking depends on a great many things: the size of the
company, the resources it has available, what exactly it will run, and
what requirements it has of its security. In 99% of cases it is
recommended that firewalling (and sometimes routing) be done on a
separate machine (or ideally by h/w-specific solutions - call it cisco,
call it what you like) for security reasons. Imagine, for example, that
you have a machine doing firewalling, you run apache on it, and a remote
exploit for apache comes out. The possibilities/scenarios are unlimited.
For this reason, a (relatively) low-spec machine is usually made the
dedicated firewall/router.
Beyond that, if you want to take it to a completely correct topology
with the best possible security, you go with a router on the outside (it
does no harm for it to do some degree of firewalling too), behind it a
firewall to which you also attach the DMZ (so you have all your publicly
accessible hosts in the DMZ), and behind the firewall another router for
your internal network. That way whichever machines are accessible from
the whole world are isolated as far as possible, and you add a
significant degree of difficulty for would-be attackers. This topology
is known as "Three-homed firewall DMZ Architecture".
If that is not possible because of budget, usually the second, internal
router is simply omitted. In any case, as I said above, it is good for
the routers themselves to do packet-filtering to some degree, for
redundancy. You never know what may fail, and in that case you do not
want to find yourself exposed.
Generally speaking, though, it is good for your services to run on as
many different machines as possible. In case of an attack, or if a
machine's h/w fails for some reason, you will not automatically lose all
your services and, given that you take backups, you will be able to
restore the service in the shortest possible time.
That's it in brief. I hope I helped.
Regards,
I.T.
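
Added example, not part of the original message or written by its author: a packet-filter policy for the firewall in the three-homed DMZ topology described above, printed in iptables-restore format so it can be reviewed before loading. The interface names (eth0 outside, eth1 DMZ, eth2 internal), the addresses and the choice of permitted services are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a three-homed firewall.
# Interface names and addresses are assumptions, not taken from the message.
WAN_IF=eth0            # toward the external router
DMZ_IF=eth1            # DMZ with the publicly accessible hosts
LAN_IF=eth2            # toward the internal router / internal network
DMZ_WEB=192.0.2.10     # constructed address (documentation range)
ADMIN_NET=10.0.0.0/24  # constructed internal admin subnet

gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The firewall box offers no public service: loopback, replies, admin SSH only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $ADMIN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Replies to flows that an ACCEPT rule below already admitted.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Outside may open connections only to the public web host in the DMZ.
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_WEB -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Internal network may reach the outside and the DMZ.
-A FORWARD -i $LAN_IF -o $WAN_IF -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -m conntrack --ctstate NEW -j ACCEPT
# A DMZ host never opens a connection inward; log the attempt, then drop.
-A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix "DMZ-to-LAN drop: "
-A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP
COMMIT
EOF
}

# Succeeds if the ruleset has an explicit FORWARD ACCEPT from interface $1 to $2.
accepts_between() {
  gen_rules | grep -E -- "^-A FORWARD .*-i $1 -o $2 .*-j ACCEPT" >/dev/null
}

# Print the ruleset; review it, then check with: iptables-restore --test < file
gen_rules
```

Because the FORWARD policy is DROP, any path without an explicit rule (outside to internal, DMZ to outside) is refused by default, so a compromised DMZ host cannot open connections in either direction.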
More information about the Linux-greek-users
mailing list