#1  
Old 24th February 2006, 17:33
mphayesuk mphayesuk is offline
Network Cards and access

OK, what I am doing is using my SUSE 10 64-bit box for ISPConfig, and at the moment I have 3 network cards in. I plan on having two for public use and one for my private LAN.

1) What are the risks with having this configuration?
2) Is there a way to protect my internal network from being accessed through the public cards?

I plan on not having root access through ssh but another admin style account, if this makes any difference.

Thanks
  #2  
Old 25th February 2006, 13:32
ryoken ryoken is offline

Quote:
Originally Posted by mphayesuk
OK, what I am doing is using my SUSE 10 64-bit box for ISPConfig, and at the moment I have 3 network cards in. I plan on having two for public use and one for my private LAN.

1) What are the risks with having this configuration?
2) Is there a way to protect my internal network from being accessed through the public cards?

I plan on not having root access through ssh but another admin style account, if this makes any difference.

Thanks

Could you please expand your definition of "public use"? Do you mean one NIC is connected to the WAN (the big bad internet), the other NIC connects to the DMZ, and the final one to the private LAN? An ASCII diagram of your network topology would not go astray here.

If my assumptions above are correct, then 1) there will always be risks involved, 2) but this can be minimised by using a correctly configured firewall AND making sure all daemons on that server are listening on the correct interface. Misconfiguration will make your Linux server far more vulnerable than any Windows desktop!

Last edited by ryoken; 25th February 2006 at 13:37.
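The "daemons listening on the correct interface" check from the reply above, as an added example that is not part of the original thread: it reads listening-socket lines in the layout printed by `ss -H -tln` and reports services reachable on a public NIC that are not meant to be public. The NIC addresses, the allowed public ports and the sample lines are constructed assumptions.

```python
import ipaddress

# Constructed addresses for the three NICs (documentation and private ranges).
PUBLIC_ADDRS = {"203.0.113.10", "203.0.113.11"}
LAN_ADDR = "192.168.1.10"
# Assumed policy: only these TCP ports are meant to be reachable from the internet.
PUBLIC_PORTS = {21, 80}

# Constructed sample in the layout of `ss -H -tln` (no header line).
SAMPLE = """\
LISTEN 0 128 203.0.113.10:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 50 192.168.1.10:445 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 [::]:21 [::]:*
LISTEN 0 5 203.0.113.11:5900 0.0.0.0:*
"""

def split_local(field):
    """Split the Local Address:Port column into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return host, int(port)

def exposure(host):
    """Classify which side of the box a listening address is reachable from."""
    if host in ("*", "0.0.0.0", "::"):
        return "all-interfaces"  # wildcard bind includes both public NICs
    if host in PUBLIC_ADDRS:
        return "public"
    if ipaddress.ip_address(host).is_loopback:
        return "loopback"
    return "lan" if host == LAN_ADDR else "other"

def audit(ss_output):
    """Return sorted (port, host, exposure) for non-allowlisted listeners on a public NIC."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        host, port = split_local(cols[3])
        where = exposure(host)
        if where in ("all-interfaces", "public") and port not in PUBLIC_PORTS:
            findings.append((port, host, where))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"tcp/{p} on {h} ({w}): not meant to be public" for p, h, w in audit(SAMPLE)))
```

Each reported service is a candidate for rebinding to the LAN or loopback address in its own configuration, with the firewall as the second layer rather than the only one.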
  #3  
Old 26th February 2006, 18:24
mphayesuk mphayesuk is offline

Network Config

|----------------|
|  Modem/Router  | -- public addresses x 8
|________________|
   |         |
   |         |
   |         |
   |         |--------------------------- Linux Server
|-----------|                             |-- 2 nics with public addresses
|  Router   |                             1 nic linked to internal network
|___________|                             switch
   |                                      |
   |  network switch  |-------------------------------
   |
Internal Network
Windows boxes

Hope this helps with what I am talking about
  #4  
Old 5th March 2006, 10:33
ryoken ryoken is offline

Well, based on your diagram, I'd say you will have to configure your 2nd router to use IP/port filters (not the modem/router) to block all inbound external traffic except what is only essential (e.g. HTTP, FTP, and maybe SSH). Likewise, all outbound external traffic should be screened for maximum security (again, only allow certain protocols). Most basic routers should have an IP/port filter feature for you to customise.

hope this helps...