from Leo Kliger:
I think that you want to build a split DNS with firewall protection......
for example:-

Internet<--->Router<--->Firewall(External DNS)<--->Internal Web Services (Internal DNS)
                            |
                            |
                            v
                 DMZ (External Web Services)

without knowing your situation it is impossible to know whether what you
want and what you need are the same thing..... but if you acquire and
read the following two books you will be well on your way.....
Building Internet Firewalls by Chapman and Zwicky (O'Reilly) ISBN 1-56592-124-0
DNS & BIND by Albitz & Liu (O'Reilly) ISBN 1-56592-512-2
from Jeffrey Mogul:
Tru64 does not have NIT, it has support for a more efficient
mechanism called the packet filter (including the "Berkeley
Packet Filter", or BPF). See
man packetfilter
man bpf
The most useful program to run is probably tcpdump, which
(as far as I am aware) is a lot like "snoop". See
man tcpdump
for details.
Note that you may need to look at the instructions in
man pfconfig
if you want to allow non-root users to run tcpdump.
Tcpdump should NOT be installed as a setuid program on Tru64.
from Ron DuFresne:
Biel,
The key to locking up a machine in a secure fashion is to only run the
services that machine needs, and to patch up to the most current stable
patch level for the kernel and all the packages running on it. Make sure
you have shadow passwords working, turn off nasties like all the r
commands, and preferably even telnet, use ssh/scp. If the machine is
accessible by the internet, then additional firewalling software is
necessary.
merces a tothom! - thanks to all!
______________________________
Biel Sabate - catau.com
Badalona - Catalunya - Europa
Planeta Terra - Via Lactia - Univers 3-D
---------------------------------------------
Received on Tue Apr 25 2000 - 18:44:29 NZST
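
A small audit of two items from Ron DuFresne's checklist above (r commands and telnet still enabled in inetd, passwords not shadowed), added here as an example and not part of the original thread. The function names and sample entries are constructed for illustration, and treating "x", "*" and a leading "!" as shadow placeholders is an assumption that varies by system.

```shell
#!/bin/sh
# Added example: audit copies of inetd.conf and passwd against the checklist.

# Enabled (uncommented) inetd services the checklist says to turn off.
# inetd service names: shell = rsh, login = rlogin, exec = rexec.
risky_inetd_services() {
    awk '/^[ \t]*#/ || NF == 0 { next }
         $1 ~ /^(shell|login|exec|telnet)$/ { print $1 }' "$1" | sort -u
}

# Accounts whose passwd field 2 is empty or holds a hash instead of a
# shadow placeholder. Assumption: placeholders are "x", "*" or start with "!".
unshadowed_accounts() {
    awk -F: '/^[ \t]*#/ || NF < 7 { next }
             $2 == "x" || $2 == "*" || $2 ~ /^!/ { next }
             { print $1 }' "$1"
}

# Report findings for one host; returns 1 if anything needs attention.
audit_host() {
    rc=0
    svcs=$(risky_inetd_services "$1" | tr '\n' ' ')
    accts=$(unshadowed_accounts "$2" | tr '\n' ' ')
    [ -z "$svcs" ]  || { echo "disable in inetd.conf: $svcs"; rc=1; }
    [ -z "$accts" ] || { echo "not shadowed: $accts"; rc=1; }
    return $rc
}

# Constructed sample files (not taken from any real host).
write_samples() {
    cat > "$1/inetd.conf" <<'EOF'
# service  type    proto  wait    user  program            args
daytime    stream  tcp    nowait  root  internal
telnet     stream  tcp    nowait  root  /usr/sbin/telnetd  telnetd
shell      stream  tcp    nowait  root  /usr/sbin/rshd     rshd
#login     stream  tcp    nowait  root  /usr/sbin/rlogind  rlogind
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/:/bin/sh
alice:CONSTRUCTEDHASH00:200:15:Alice:/home/alice:/bin/sh
guest::201:15:Guest:/home/guest:/bin/sh
daemon:*:1:1:daemon:/:/bin/false
EOF
}

demo=$(mktemp -d)
write_samples "$demo"
audit_host "$demo/inetd.conf" "$demo/passwd" || echo "host needs hardening"
rm -rf "$demo"
```

Point the two arguments of audit_host at copies of the real files; it only reads them.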