RE: XP box inside the firewall
If adding a DMZ isn't suitable you should cirtainly block cirtain outgoing
ports
I recomend blocking every outgoing port except thouse that you need (i.e.
http, ssh etc)
would also recomend blocking outgoing email from everything except the
firewall, that way if the windoze box (or any other) picks up a nasty it
will not be able to email by itself to the rest of the world...
Andy
-----Original Message-----
From: Jeff [mailto:jcoppock1@comcast.net]
Sent: 30 July 2003 22:44
To: debian-security@lists.debian.org
Subject: Re: XP box inside the firewall
Kristof Goossens, 2003-Jul-30 14:09 +0200:
> On Wed, Jul 30, 2003 at 02:01:06PM +0200, Kjetil Kjernsmo wrote:
> > Hi all!
>
> [snip]
>
> > The question is really if I could do something in the firewall that
> > would help isolate the XP box somewhat. Closing outgoing ports (input
> > ports are all closed), drop certain types of packages, or something
> > like that?
>
> You can set the notebook on a different network. Put the firewall/router
> on that network with another nic. It's the principle of a dmz... By
putting
> the notebook on another network, and prohibitting access from that network
> to the internal network, you can keep your internal systems safer...
This is a good option. In addition, or even instead of this, educate
your parents about your security concerns. Assuming that you trust
your parents, education could be the simplest solution.
jc
--
Jeff Coppock Systems Engineer
Diggin' Debian Admin and User
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: