On Mon, 2003-12-22 at 00:30, steve at horne.homelinux.net wrote:
> [...]
> In my original config (running now) I have a firewall which is somewhat
> sacrificial, serving a network which has one particular server on it that
> holds everything -- eg, financial/tax records. The firewall got hacked
> once, but I detected the event and although
> the firewall was more or less destroyed, the event did no damage to
> that particular server.

Is the server being handed any sort of external traffic, or is it a server only for INTERNAL addresses?

> [...]
> I worry that if I drop that firewall, and connect the server directly
> to the netgear router, am I asking for trouble?

The trouble usually starts when you start drilling holes through the firewall, or worse, handling services on the firewall itself. How did your previous firewall get hacked? Did you have something open to the outside? If the new firewall doesn't allow anything to touch inside systems, it's reasonably safe.

The same can happen if you allow traffic to an internal system and don't protect that system adequately (harden and maintain). That can be the case with ANY firewall solution.

One "problem" with a full-blown OS as a firewall (i.e. Linux) is the temptation to do other, non-firewall stuff on the box as well, thereby exposing it to additional risks.

> This must be a fairly common setup. If someone who is running something
> similar would describe what they did to secure it, I'd be grateful.

I'm new to the area, having moved here from Phoenix back in July. There, if anyone suggested replacing a Linux box with an appliance type firewall, there would be a bit of a howl. Those little boxes generally work fine, but you have a lot more control -- and can monitor a lot more -- with Linux (or BSD, etc.) The simple boxes are a lot less headache to run admittedly!

- Bob