[NTLUG:Discuss] Cd based Proxy/Firewall (again)
Paul Drew
solarcurve at msn.com
Sat Jul 12 17:56:18 CDT 2003
Hello again,
Ya know what? I think you're probably right. With all the changes, and such
that we would be wanting to make I don't think burning a ton of CDs is even
the most optimal thing to go for. We would have to mail and instruct people
how to change them out all the time, and it's just not practical since only 1
of the dozen or so machines would be in my location.
These machines are just in effect web proxies, and I want to get a bit anal
with them and make them as secure as possible. Overnight backups over the
network will allow me to restore quickly enough in the event we need to.
Thanks for your input because I greatly appreciate it. I am put quite often
in a position to make decisions or policies for which I have little or no
experience. Unfortunately there really is no one else any better qualified. I
can't make the right call 100% of the time, but I can sure get as educated
as possible and try to keep that percentage as high as possible.
This project is still in the talking stages right now, but I have a feeling
that once it hits I will be up to my elbows into it with many questions.
Thanks for being a great resource guys. Anyone is welcome to give me their
feedback and opinions on this type of thing. Have a great day, and take
care.
Paul Drew
>From: severian at pobox.com
>Reply-To: NTLUG Discussion List <discuss at ntlug.org>
>To: NTLUG Discussion List <discuss at ntlug.org>
>Subject: Re: [NTLUG:Discuss] Cd based Proxy/Firewall (again)
>Date: Sat, 12 Jul 2003 12:08:43 -0500
>
>Howdy,
> Neither smoothwall nor ipcop are CD bootable. If you really want that
>feature, I can't offer firsthand advice. I think that is a bad idea for a
>firewall. I want to be able to configure aspects of the firewall, e.g.
>iptable rules, port access list, and cron entries for automatic up and down
>times. I also want to be able to store lots of logs. You need some
>storage media for that. These two products are quick to install, and can be
>locked down pretty well. That is why I suggested them.
> It is not that I don't see any value to what you want to do. I can see
>how just rebooting would be a plus. It just seems like you would have to
>give up too much to get it with products I am familiar with. I don't claim
>to know all products, but I can talk about the ones I do know. And I would
>love to see someone add to the discussion with other alternatives that I
>could learn about.
> Two other possibilities come to mind. One is to try one of the floppy
>based firewalls like coyote linux. You could make copies of the floppy and
>after a compromise just put a new one in. I tried several about a year and
>a half ago and for my own use they were too limited. But, they may be
>enough for you.
> The second is to install IPCOP, configure it and then make a backup
>which you could restore. You would lose all your logs, but otherwise keep
>a good firewall.
>Good luck,
>Ralph
>
>In response to the welcome remarks of Paul Drew at 11:12 AM 7/12/03 -0500:
>>Howdy,
>>I had been looking at them actually, but I didn't see anything about being
>>cd bootable, and allowing me that feature. One of our boxes was
>>compromised