[plug] Setting up a new firewall

Hennie Strydom hennie.strydom at telkomsa.net
Sat Jul 30 05:48:44 WST 2005


On Sat, 2005-07-30 at 05:55 +0930, Onno Benschop wrote:
> Hennie Strydom wrote:
snip
> This made me smile.
Glad to be of service :-)

> On the one hand you're saying don't run any services on your firewall, 
> it will make it vulnerable. On the other hand you're saying, "I'm 
> running several other network applications."
> 
> So which is it, a secure firewall with nothing, or a computer that also 
> acts as a firewall?
For customers only a firewall.
This is, however, my home LAN where I have limited infrastructure, and I
admit that for personal use I do feel less paranoid about services
(excluding authentication) that are confirmed not to be visible from
outside the firewall other than through private pinholes.

I am, however, unwilling to run services for the wider public on any
firewall, hence no web / ftp / mail servers in the list.
The squid and DNS / DHCP mentioned before are limited to the green and
blue segments.
I do have mac + wap (with regular keychange) + vpn on blue, with
aggressive monitoring of wireless activity, and actually keep the APs
off when not in active use, so I am reasonably comfortable with the
level of security given that it is for my personal use.
(I know that IPCOP includes an internal use web server, but this is not
externally accessible.)

> So, if it were me, I'd be just running a firewall :)
Likewise for clients. For personal use I do not worry too much about my
current setup since I do not attract much attention. If the IDS logs 
start growing too quickly I'll probably move some services 
though.

Regards
  Hennie





