07-22-2003
Mark Antonson
 
Re: Help Adding Another Website

I said interface because my boss wants to use separate IP addresses, and (I
may be wrong) but I'm under the assumption that you can't bind multiple IP
addresses to a single interface on the Cisco PIX. That would mean I would
need another interface to support another external IP. But I think the way
I'm doing it will be easy and secure enough, I'll definitely look into Snort
and use complex passwords. Thanks for all the help though group!

Mark

"Joe Beanfish" <joebeanfish@nospam.duh> wrote in message
news:3F1C1E4F.AE5DE7B5@nospam.duh...
> Mark Antonson wrote:
> > "Bit Twister" <BitTwister@localhost.localdomain> wrote in message
> > news:slrnbhgetq.38b.BitTwister@wb.home...
> > > On Fri, 18 Jul 2003 13:28:51 -0400, Joe Beanfish wrote:
> > > >>
> > > >> Cable Modem -> Hub -> Firewall 1 -> Network and Old Server
> > > >> -> Firewall 2 -> New Server
> > > >
> > > > Do you really need the servers isolated from each other by firewall?
> > > > You could do this (which is probably more common)
> > >
> > > It would help keep malware installed on the New Server from
> > > getting easy access to boxes on the Old server network.
> >
> > I'm thinking now that I'll just put the new BSD machine out there on its
> > own. Unfortunately, the PIX 506 doesn't support more than 2 interfaces, and
> > the boss wants separate IP addresses for both websites. So I think I'll end
> > up with something like this:
> >
> > Cable Modem -> Switch -> Cisco PIX and existing network
> > -> New BSD server
> >
> > I think this should be ok, and I plan on locking the new BSD machine down as
> > much as possible and keeping it patched religiously (FreeBSD 5.1, Apache 2,
> > and Qmail are all I plan on running on it, besides SSH for admin, etc. No
> > ftp or telnet).
>
> Unless you're using "interface" to mean "ip" you don't need multiple interfaces.
> An "interface" is generally an ethernet port or such. Just plug the cable modem
> into the firewall's incoming port and plug the firewall's outgoing port into
> the hub/switch. Then plug as many other devices as desired into the hub/switch.
> Then all devices are protected from the outside (but not from each other).
>
> Also, don't be fooled into thinking there's anything particularly more secure
> about ssh rather than telnet. That's only true in the case of packet sniffing.
> You're more likely to get broken into because of flaky software. ssh is equally
> vulnerable to such attacks.


