View full version: Private home network example.


JBoss
21.09.2002, 20:13
Some buddies ask me questions about recommended network configuration. So, this is an example (for security) of my home network.

So, we have: one desktop system, 2 notebooks and an ADSL line.

First of all, it's a server on the desktop system: Windows 2000 Server with SP3. Roles: network router, DHCP, DNS, firewall and e-mail server. Installed additional hardware: ADSL USB modem and additional hard disk. Installed software: Microsoft ISA Server SP1, Microsoft Exchange 2000 Server and VMware GSX Server. Inside the virtual system provided by VMware GSX Server runs RedHat Linux 7.3. This computer has 2 IP addresses: one fake (10.10.10.10) and one real (provided by the ISP).

How does it work? When a request arrives from the Internet, it is rerouted to the internal network with fake IP addresses: 10.10.10.1 to 10.10.10.10. All ports on this system are managed by Microsoft ISA Server SP1, so if a request arrives at a closed port, it will be denied.

How do the Web and e-mail servers work? We know that the SMTP protocol works via port 25. I opened this port from the Internet to Microsoft Exchange 2000 Server. In the same way, I opened port 80 for the Web server. Simple Microsoft IIS on Windows 2000 systems redirects requests to the Apache server under RedHat Linux 7.3 to fake IP addresses.

Clients: the clients are 2 notebooks. They run Microsoft Windows XP Professional SP1 and are members of the home domain. When one or both of them connect to the LAN, a fake IP address is assigned by the Windows 2000 system and the routing scheme is updated. The IP protocol on the clients will see: IP: 10.10.10.1, Subnet mask: 255.255.255.0, Default gateway: 10.10.10.10, DNS server: 10.10.10.10. All parameters are fake.

If a hacker cracks Microsoft ISA Server (I don't know anybody who can do it (256 bytes FKZ and IKE encryption), but if he is that good), he will see an empty computer without any information and without access to the system share, because I use the encrypted NTFS file system.

On the other side, I enjoy instant Internet access for 2 computers (the number of clients can be more, up to 128), e-mail and a Web site. All file sharing is provided by SAMBA on RedHat Linux 7.3.

Enjoy.
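
An added example (not part of the original post): a small Python model of the setup described above, covering default-deny inbound handling, the two published ports (25 and 80), and a sanity check of the DHCP lease values quoted in the post. The function names and the sample probe ports are assumptions made for illustration; the 10.10.10.x addresses the post calls fake lie in 10.0.0.0/8, a private range under RFC 1918.

```python
import ipaddress

# Values taken from the post: internal subnet, the server's internal
# address, and the two ports opened from the Internet.
INTERNAL_NET = ipaddress.ip_network("10.10.10.0/24")
SERVER_INTERNAL = ipaddress.ip_address("10.10.10.10")
# Published inbound services: port -> hops the request passes through.
PUBLISHED = {
    25: ["Exchange 2000 (SMTP)"],
    80: ["IIS on Windows 2000", "Apache on RedHat 7.3 guest"],
}

def inbound_decision(dst_port, proto="tcp"):
    """Default-deny: only explicitly published TCP ports are forwarded."""
    if proto == "tcp" and dst_port in PUBLISHED:
        return ("allow", PUBLISHED[dst_port])
    return ("deny", [])

def exposed_ports(listening_ports):
    """Ports reachable from the Internet = listening AND published."""
    return sorted(p for p in listening_ports
                  if inbound_decision(p)[0] == "allow")

def check_lease(ip, mask, gateway, dns):
    """Return a list of problems with a DHCP lease handed to a client."""
    problems = []
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    if not iface.ip.is_private:
        problems.append("client address is publicly routable")
    if iface.network != INTERNAL_NET:
        problems.append(f"client is in {iface.network}, expected {INTERNAL_NET}")
    if ipaddress.ip_address(gateway) not in iface.network:
        problems.append("default gateway is outside the client's subnet")
    for name, addr in (("gateway", gateway), ("DNS", dns)):
        if ipaddress.ip_address(addr) != SERVER_INTERNAL:
            problems.append(f"{name} {addr} is not the server's internal address")
    return problems

if __name__ == "__main__":
    # Constructed sample probes: SMTP, HTTP, SMB, RDP.
    for port in (25, 80, 445, 3389):
        print(port, inbound_decision(port))
    # Constructed list of listening ports, including Samba's 139/445.
    print(exposed_ports([25, 80, 139, 445, 3389]))
    # Lease values as quoted in the post.
    print(check_lease("10.10.10.1", "255.255.255.0",
                      "10.10.10.10", "10.10.10.10"))
```

Running the same `exposed_ports` check against the output of a real port listing on the gateway shows at a glance whether anything beyond the two intended services is published.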