Posted by Dale I. Green on January 23, 2007, 9:59 pm
> dig@notmail.com says...
>> VB, Thank you for your input. I assume by your comments that you
>> consider my goals to be naive but that you think my overall approach
>> is solid. Is that right?
>>
>> >> Also I would like to allow only very limited Internet access
>> >> to/from the server, 1) for credit card authorization and 2) for
>> >> remote access (e.g. RAdmin).
>> >
>> > This is an oxymoron now. You will not manage to do what you want.
>> > The best compromise will be: don't route into the net on the
>> > server, and filter anything with the exception of the needed
>> > services on the server.
>>
>> What do you mean by "don't route into the net on the server"? Also,
>> by "filter" do you mean using the hardware router, a software
>> firewall, or something else?
>
> You need a real firewall appliance and then you set up only the access
> that you want to permit - do not confuse a NAT Router with a firewall.
>
> With a real firewall appliance you can set up an IPSec client to allow
> you to remotely connect to the firewall itself, then from a rule in
> the firewall, your authenticated user can remotely admin the server.
>
> You can also allow outbound to the credit card processing facility and
> block all other access.
>
Leythos, Thank you!
Does "IPSec" imply VPN?
Could you suggest a firewall appliance which would be suitable? I
checked newegg and the best rated firewall is the NETGEAR FR114P. Would
this be a good choice?
Finally, would you still recommend using 2 switches, a "local" and an
"Internet facing"?
Thanks again. I appreciate your advice.
Kind regards,
Dale
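
The policy described in the quoted reply (IPSec to the firewall, remote admin only for the authenticated tunnel, outbound only to the card processor, everything else blocked), written as an nftables ruleset. This is an added example, not part of the original thread and not a recommendation of any product mentioned in it. The interface names, all addresses, the VPN client pool and the processor's port 443 are assumptions or placeholders; 4899 is RAdmin's default port.

```nft
#!/usr/sbin/nft -f
# Added illustration: default-deny gateway in front of a single server.
# Every name and address below is a placeholder or constructed value.
flush ruleset

define wan_if    = "eth0"           # Internet-facing interface (assumed name)
define lan_if    = "eth1"           # interface toward the server (assumed name)
define server    = 192.168.10.10    # constructed address of the server
define processor = 203.0.113.20     # placeholder (TEST-NET-3) for the card processor
define vpn_pool  = 192.168.99.0/24  # constructed pool assigned to VPN clients

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif "lo" accept
        # IPsec terminates on the firewall itself: IKE, NAT-T and ESP only.
        iifname $wan_if udp dport { 500, 4500 } accept
        iifname $wan_if meta l4proto esp accept
        log prefix "fw-in-drop " counter
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # Remote admin: only packets that were decrypted from an IPsec
        # tunnel, from the VPN pool, to the server's RAdmin port.
        iifname $wan_if meta ipsec exists ip saddr $vpn_pool \
            ip daddr $server tcp dport 4899 accept
        # Card authorization: server to the processor only (port assumed).
        iifname $lan_if oifname $wan_if ip saddr $server \
            ip daddr $processor tcp dport 443 accept
        # Anything else falls through to the drop policy and is logged.
        log prefix "fw-fwd-drop " counter
    }
}
```

Because RAdmin is never accepted on the Internet-facing side without the `meta ipsec exists` match, the admin port is unreachable to anyone who has not first authenticated to the VPN, and the logged drops show what the server or outside hosts attempted beyond the two permitted flows.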