Security Basics mailing list archives
Re: limit access to other LAN computers
From: Hobbe <my1listmail () gmail com>
Date: Tue, 27 Apr 2010 13:06:20 +0200
Actually it all boils down to how secure do you need them to be ? with that I mean how hard should it be for the linux maschines to break out of their confinement ? IF and i say IF you know what they are supposed to connect to and what they are supposed to connect to is a small thing ie ntp and such stuff then you actually can set some access-list rules in the switches. (if you have cisco switches most of them support it) however if they are supposed to run a samba server for all the windows machines, well then you are pretty much screwed whatever you do. so start with thinking the design through and how you are supposed to use the system. when you have a design, lockdown everything. when you have locked down everything look at what needs to be open. when you know what needs to be open, look at what that affects and what can you do if you open that. weigh pros and cons and see what you gain and what you loose by opening X. in the end you will se what must be done for this setup in your system. HTH Hobbe On Mon, Apr 26, 2010 at 9:15 PM, Tim Gonzales <tim.gonzales () gmail com> wrote:
One way to achieve this might be to place the Linux machines into a DMZ. You could then place a firewall between the DMZ and the rest of your network thus controlling what those machines have access to. See below for more info: http://en.wikipedia.org/wiki/DMZ_(computing) You also might want to create restricted user accounts on the Linux machines and only give your clients the access required to do their jobs. Also, don't give the clients accounts of any of the machines other than the ones they need to work on. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- limit access to other LAN computers nsantos . pessoal (Apr 26)
- Re: limit access to other LAN computers Pierre Jaury (Apr 26)
- Re: limit access to other LAN computers Antão Miguel Chantre (Apr 26)
- Re: limit access to other LAN computers ArMan (Apr 26)
- Re: limit access to other LAN computers Pierre Jaury (Apr 27)
- Re: limit access to other LAN computers Tim Gonzales (Apr 26)
- Re: limit access to other LAN computers Hobbe (Apr 27)
- <Possible follow-ups>
- Re: limit access to other LAN computers christianbenjamin (Apr 27)