[4371] in WWW Security List Archive
Re: Poor mans firewall
daemon@ATHENA.MIT.EDU (Michael Laing)
Tue Feb 11 21:56:50 1997
Date: Tue, 11 Feb 1997 18:03:47 -0500
From: Michael Laing <mpl@flni.com>
To: Alexey Zilber <alex@usanetworks.com>
CC: drace@earthlink.net, WWW-SECURITY@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
A really poor man would use linux to do all that and get much better
performance (non-erratic) and a wealth of options a much lower price.
Alexey Zilber wrote:
>
> This, in fact does work. We're still testing out the Internet mail
> connector for MS Exchange. It seems erratic at times, sending emails at
> random times. Sometimes instantly, sometimes after a long wait.
> If you want to be secure, and give users Internet access, take a
> look at Microsoft Proxy. They claim it's not meant to be used as a
> firewall, but that's because it has more limited functionality than a
> firewall. This makes it more secure, but a problem if you want to offer
> services to external users.
> Check it out.
>
> At 02:56 PM 2/7/97 -0800, Dave Race wrote:
> >My firm is preparing to introduce the Internet access to our users. We
> >are concerned with Internet security but we do not have the budget for a
> >firewall. The first service we intend to provide is Internet e-mail.
> >The LAN Administrator came up with the following idea:
> >
> >Set up an NT server with a MS Exchange gateway from MS Mail. Install
> >two NIC, one configured with IP attached to the Internet and the other
> >configured with IPX attached to our internal LAN.
> >
> >Internet <-----> (IP) Exchange Server [NT] (IPX) <-----> Internal LAN
> >
> >The internal LAN also carries TCP/IP traffic, but the theory is that the
> >IP is safe from the Internat because the NIC attached to our LAN speaks
> >IPX only.
> >
> >We know that this may limit us to e-mail only, but the hope is that we
> >will find the funds to build a proper firewall.
> >
> >What do you think???
> >
> >Thanks.
> >--
> >========================================================================
> >Dave Race, UNIX/WAN Administrator drace@earthlink.net
> >Risk Data Corporation, Inc. http://www.riskdata.com
> >111 Pacifica 3rd Floor Phone: (714) 753-8010
> >Irvine, CA 92618-3311 Fax: (714) 753-8020
> >========================================================================
> >
> Alexey Zilber,
> Intranet Developer
--
Michael Laing _|_|_|_| _| _| _| _|_|_|
President _| _| _|_| _| _|
Foster Laing & Noonan, Inc. _|_|_| _| _| _| _| _|
mpl@flni.com _| _| _| _|_| _|
207.832.6372 _| _|_|_|_| _| _| _|_|_|
