[CS-FSLUG] Challenge Question
Alvin Smith
email at alvinsmith.com
Mon Dec 27 21:24:06 CST 2004

On Monday 27 December 2004 09:07 pm, Ed Hurst wrote:
> This is on my blog, so you can respond there, too.
> ---------------------------------------------------
>
> Your Mission
>
> Let's pretend that someone is offering you a suitable sum of money for a
> project. They have 9 computers on an internal network. Due to the nature
> of their business, there are no Open Source applications for their
> software requirements -- some obscure engineering stuff. Indeed, the
> latest release of their software means all their machines will have to
> run XP. However, they wish to run a gateway/firewall on Linux/Unix. This
> server will also provide mail, with spam-blocking, and PHP/SQL webpage
> service. When the technicians are on the road, they need to login and
> gain access to the file server (XP) behind the firewall. You may assume
> they will login to the gateway first, then login again to the
> fileserver. No one else in the whole world needs to even know about
> what's behind that gateway server. There will be a static IP and T1
> service.
>
> Outline how you would set this up, and respond in the comments. It would
> be good if you explain why you favor this or that OS for the gateway.

First of all, I would not do it that way. I would put everything BEHIND a VPN
router/firewall, with the mail and web server in the DMZ, and tunnel into the
XP server.

Sort of like this:
http://www.smoothwall.net/products/smoothtunnel/

"SmoothWall Corporate Server is a modular firewall system, converting a
standard Pentium™ class PC into a dedicated hardware firewall appliance.
Mid-range in terms of features and performance, Corporate Server can support
networks of many hundreds of computers. Designed for ease of installation and
configuration, it is especially suitable for small to medium size
organisations that do not have specialist security staff.

Corporate Server incorporates stateful inspection technology and an Intrusion
Detection System (IDS). The modular design allows customers to extend the
firewall to provide features including Virtual Private Networking (VPN), Web
Content Filtering and Bandwidth Management.

Corporate Server includes a specialised security hardened version of the Linux
operating system, which is inherently more secure than a general purpose
operating system. Unlike many Linux products, users are not expected to have
any knowledge of Linux; once installed all configuration is performed via a
user friendly Graphical User Interface from any web browser. Corporate Server
can be installed, configured and working in less than 10 minutes.

The default Corporate Server installation is intrinsically secure; all
external traffic is blocked unless it is in response to outgoing traffic,
such as a reply from a web site to a browser request for a page. If Internet
facing computers, such as web or email servers, are to be supported then
paths have to be specifically opened through the firewall to these servers.

Corporate Server will act as an Internet gateway for all the user computers
on the local network - PCs running Microsoft Windows® 95/98/ME, Windows
NT/2000/XP, Mac OS, Linux or Unix; all are easily configured to connect to
the Internet via SmoothWall. Corporate Server supports a wide range of
Internet connections including leased lines via Ethernet routers, ADSL, ISDN,
analogue and cable modems."

http://www.smoothwall.net/products/corporateserver/

So, do I get the job?

--
peace,
Alvin Smith
http://www.alvinsmith.com