--===============0692014902==
Content-Type: multipart/alternative;
boundary="----=_Part_3245_30488406.1194635996736"

------=_Part_3245_30488406.1194635996736
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Just some thoughts:

-a bastian host is a good idea, but I would suggest a Linux server for the
setup, that might reduce your hardware costs
-the best way to open those ports, would be to restrict them by source and
destination addresses (in the example we narow down the scope)

My idea:

You could use a virtualization product. I had some positive experiance.

Posible setup:

I'm going to asume that your company uses M$ for the choise desktop. One
might consider seting up Vmware server (whitch is free) and a minimized OS
instaled within(linux again). Runing on another subnet. Instaled on each
client that has the need. The physical layer is the same, but there are
benefits. Each of those clients could be a bastian host. Creating a bastian
subnet. That way the users have full functionlity.

But there is a mayor consideration. A bug in vmware could expose the other
subnet.


What are your thoughts?



On Nov 9, 2007 5:36 PM, Brian Loe wrote:

>
>
> On Nov 9, 2007 8:44 AM, Timothy Shea wrote:
>
> >
> > So please spare us your moral outrage.
> >
> > t.s
> >

>
> Moral outrage?
>
> I'm not sure what you read, or where, but it certainly wasn't the e-mail
> you quoted.
>
> He works for an insurance company. My insurance company has more info on
> me than my wife. I don't want that information given up to some script
> kiddie!
>
> I won't comment on your former employers - I keep my moral interests and
> concerns to myself...
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards
>
>


------=_Part_3245_30488406.1194635996736
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Just some thoughts:

 

-a bastian host is a good idea, but I would suggest a Linux server for the setup, that might reduce your hardware costs

-the best way to open those ports, would be to restrict them by source and destination addresses (in the example we narow down the scope)

 

My idea:

 

You could use a virtualization product. I had some positive experiance.

 

Posible setup:

 

I'm going to asume that your company uses M$ for the choise desktop. One might consider seting up Vmware server (whitch is free) and a minimized  OS instaled within(linux again). Runing on another subnet. Instaled on each client that has the need. The physical layer is the same, but there are benefits. Each of those clients could be a bastian host. Creating a bastian subnet. That way the users have full functionlity.

 

But there is a mayor consideration. A bug in vmware could expose the other subnet.

 

 

What are your thoughts?



 

On Nov 9, 2007 5:36 PM, Brian Loe <knobdy@gmail.com> wrote:





On Nov 9, 2007 8:44 AM, Timothy Shea <tim@tshea.net> wrote:




So please spare us your moral outrage.



t.s


Moral outrage?

I'm not sure what you read, or where, but it certainly wasn't the e-mail you quoted.

He works for an insurance company. My insurance company has more info on me than my wife. I don't want that information given up to some script kiddie!


I won't comment on your former employers - I keep my moral interests and concerns to myself...



_______________________________________________
firewall-wizards mailing list

firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards





------=_Part_3245_30488406.1194635996736--

--===============0692014902==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards

--===============0692014902==--