security question
19 posts
• Page 2 of 2 • 1, 2
augie wrote:NT50 wrote:Anyway... Some shoudl use the software firewall. Me I push my power button
I hope you never get your first breach. It's better than nothing on a broadband connection.
You are correct Augie.... I hope I never do. The only system that runs full time in my house is my Server 2003 Enterprise. I do have AD setup on it and I use it for file backup. I do not use it for DHCP or anything else. I have considered putting a firewall on it but it seems to be fairly secure on its own.
I have 3 notebook PCs that are on onlywhen in use. I have a PPC iBook Mac and a MacBook that are on only durin guse. The desktop PC (gaming / expermental) is on durin guse only also. The majority of my PC's are only on when in use. That is the reason I do not have a software firewall "yet".
Dogs Have Owners; Cats Have Staff
- NT50
- PROfessional Member
- Posts: 8220
- Joined: Sat Jun 19, 2004 4:46 pm
- Location: Jackson, TN USA
- Real Name: Jeff Replogle
Mike G wrote:Thanks for that, thought as much, however we need DMZs for webmail/Nfuse etc, as long as their access into the internal network is secured things are generally OK
__________________
Never let your sense of morals prevent you from doing what is right
DMZ... Webmail??????/Nfuse?????? I do not understand what you are trying to accomplish. Are you running email service inside?
I can access my webmail (Internet) with DMZ turn off.
I am confused on why you need DMZ turn on. This opens the doors to hackers.....
Dogs Have Owners; Cats Have Staff
- NT50
- PROfessional Member
- Posts: 8220
- Joined: Sat Jun 19, 2004 4:46 pm
- Location: Jackson, TN USA
- Real Name: Jeff Replogle
There's nothing wrong with a DMZ if it's set up right. Say you're running a public FTP, and the server is installed in the general users networks, then if a malicious hacker cracks the FTP server, thanks to NIS/NFS services and trusted systems on Unix hosts, or generic Windows NT/2000 security, the hacker can have access to pretty much the whole network. If the FTP server is on a completely different, unrelated network then once the malicious hacker hacks the network the absolute best they can do is access to the hosts in the DMZ. At worst, they could trash the FTP, but that's it.
All a DMZ is doing is moving any network services that need to go to the outside to a separate network. All that said, I would be very careful when I set up a DMZ, and then only use it if I HAVE to open part of my network up for an email or FTP server.
For that matter, if you want to make a router even more secure, forward your dmz to a non-existent IP address.
All a DMZ is doing is moving any network services that need to go to the outside to a separate network. All that said, I would be very careful when I set up a DMZ, and then only use it if I HAVE to open part of my network up for an email or FTP server.
For that matter, if you want to make a router even more secure, forward your dmz to a non-existent IP address.
NT50, need a DMZ to provide the initial access for people who don't connect via a VPN therefore they have to see something from a standard web connection. I was trying to say that in some cases a DMZ is needed and as long as the dangers are known then the threat of attack can be mitigated.
______________________
Never let your sense of morals prevent you from doing what is right
______________________
Never let your sense of morals prevent you from doing what is right
NT50, Seriously advise against putting Firewall on Server 2003. In my personal experience, it's just as bad as getting a virus on the Machine. Most of the AD services will stop working.
The other thing, is Symantec Client Security, which has a Firewall and Symantec Antivirus Corporate 10. It's the package that I was using when the Idiot managing the Group Policy refused to reallow Windows Firewall, under the guise that 'we're protected from hacks here...' Obviously didn't consider home.
The other thing, is Symantec Client Security, which has a Firewall and Symantec Antivirus Corporate 10. It's the package that I was using when the Idiot managing the Group Policy refused to reallow Windows Firewall, under the guise that 'we're protected from hacks here...' Obviously didn't consider home.
"Know this, you can cut me off from the civilized world, you can incarcerate me with two moronic cell mates, you can torture me with your thrice daily swill, but you can not break the spirit of a Winchester. My voice shall be heard from this wilderness and I shall be delievered from this feted and festering sewer." - Charles Emerson Winchester, III, M*A*S*H
19 posts
• Page 2 of 2 • 1, 2
Who is online
Users browsing this forum: No registered users and 1 guest