Great Circle Associates Firewalls
(December 1997)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Protected Web Server?
From: "Daniel \"Cheez\" Brown" <cheez @ linux . globalreach . net>
Date: Tue, 30 Dec 1997 11:31:42 -0600 (CST)
To: Milton Shomo <mshomo1 @ priceinteractive . com>
Cc: "'firewalls @ greatcircle . com'" <firewalls @ GreatCircle . COM>
In-reply-to: <01BD1509 . EA9EB340 @ Milton . priceinteractive . com>

	That is a secure setup, about as secure as PIX can make for. To go any
more on that setup, running a firewall behind the pix would be necessary, and 
even then that wouldnt help TOO much, so... ;-) IMHO Thats a pretty good setup,
just keep abreast of Cisco Field Notices on the PIX software and all. 

Happy New Year,

+----Daniel "Cheez" Brown------------Global Data Systems-------+
| | Security Advisor, Global Reach |
|     cheez @
 lowprofile .
 net    |  Cisco Systems WAN Specialist  |
| UNIX/Linux/HP-UX specialist |  Remote Management Specialist  |
|      If at first you don't succeed, redefine success.        |
| Contrary to popular opinion, UNIX is user friendly. It just  |
+-happens to be very selective about who it makes friends with.+

On Tue, 30 Dec 1997, Milton Shomo wrote:

> Hi gang-
> I would like to get some comments on how secure the following
> arrangement is:
>   INTERNET- - - - -> Cisco PIX Firewall - - - - -> Web server running on NT40 and IIS 3.0
> The PIX is setup to deny all inbound traffic except what I expressly allow.
> The firewall is doing NAT from our Internet IPs to our private IPs.  I have created
> a conduit allowing outside traffic to the Web server but only to tcp port 80.
> There are no other Internet services running on the Web server box. 
> Milton Shomo, CNE

Indexed By Date Previous: Windows NT 3.51 FTP services
From: Chuck Chitchalerntham <chitch @ datadesign . com>
Next: Re: off topic: ssl setup on web server inside firewall
From: varmav @ verisign . com (Vik Varma)
Indexed By Thread Previous: Protected Web Server?
From: "Milton Shomo" <mshomo1 @ priceinteractive . com>
Next: Multicast forwarding
From: "Oleg V. Kozedub" <olegk @ vdo . net>

Search Internet Search