From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Thu 23 Sep 2004 - 03:05:44 BST
On Thu, Sep 23, 2004 at 01:44:18AM +0200, Gilles wrote:
> > >
> > > [ (nic2) ] <----> [ (nic3) H2 ]
> > > Internet <----> [ (nic1) H1 ]
> > > [ (nic4) ] <----> [ (nic5) H3 ]
> > > [ (nic6) H4 ] etc.
> > >
> > Internet <---> [nic1 H1 nic2] <---> [nic3 H2 nic4] <---> H3,H4,H5 ...
> > with a border firewall on H1 and a simple firewall
> > and proxy solution on H2, a single vserver on H1
> > with CAP_NET_ADMIN and vservers for each service
> > on H2. why? because!
> What's the difference between "border" and "simple" firewall?
the 'border' firewall protects the office against
the internet, the 'simple' firewall protects your
services (and maybe the border firewall) from the
office users ...
> Can you give some more hints on how H1 should be configured?
> In the first place, why having a vserver on H1?
> Isn't it sufficient to have a firewall on H1 (the host)?
sufficient, well, maybe, but you asked about security
right? and part of that security would be to monitor
the firewall and detect intrusion, which is actually
very simple with a 'non-reachable' host, monitoring
a 'firewall' vserver ...
> If not, how do the host and vserver share responsibilities (pppd,
pppd is probably not a part of the firewall I had in
mind, but if you need some kind of 'dialup' connectivity
for that office, then the 'firewall' host will have to
handle that, of course ...
> Why having 2 firewalls? It makes it necessary to maintain 2 configs.
> 2 layers of protection seem more secure than 1, but if we assume that
> H1 can be cracked, then if H1 and H2 run the same firewall software,
firewall software is iptables in my book, YMMV, and
yes, both machines will use the 'same' software, but
'different' setups, depending on their functionality
> H2 will be compromised with the same exploit...
'pure' kernel exploits are rare, usually such exploits
will be in the services, which usually leads to the
following sequence of events ...
exploit on apache -> root shell on server -> all done
in the depicted setup it will probably happen like
exploit -> root shell on vserver -> isolated
-> exploit to escape vserver -> H2
-> exploit for the firewall -> H1
which looks to me a little more secure than the above.
Vserver mailing list
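To make the "same software, different setups" point concrete, here is an added illustration of what the two rule sets from the discussion above could look like in iptables-restore format. It is not a configuration from the thread or from the Linux-VServer project. It assumes the interface names from the diagram (nic1 = H1's Internet side, nic2 = H1's link to H2's nic3, nic4 = H2's office LAN), a constructed office network 192.0.2.0/24, a constructed admin workstation 192.0.2.50, and a constructed address 198.51.100.10 for a web vserver running on H2.

```iptables
# --- H1, the 'border' firewall: protects the office from the Internet ---
# (constructed example; interface names follow the diagram, addresses are made up)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# office hosts leave through H1's public address
-A POSTROUTING -o nic1 -s 192.0.2.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# host administration only from the admin workstation on the inside
-A INPUT -i nic2 -s 192.0.2.50 -p tcp --dport 22 -m state --state NEW -j ACCEPT
# nothing new from the Internet reaches H1 itself; log attempts (rate limited), policy drops
-A INPUT -i nic1 -m state --state NEW -m limit --limit 10/min -j LOG --log-prefix "H1-border-drop: "
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# the office may initiate connections to the Internet
-A FORWARD -i nic2 -o nic1 -s 192.0.2.0/24 -m state --state NEW -j ACCEPT
# from outside, only the published web service on H2 is reachable
-A FORWARD -i nic1 -o nic2 -d 198.51.100.10 -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -i nic1 -m state --state NEW -m limit --limit 10/min -j LOG --log-prefix "H1-fwd-drop: "
COMMIT

# --- H2, the 'simple' firewall: protects the service vservers from office users ---
# (vservers share H2's kernel network stack, so their addresses are filtered in H2's INPUT chain)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# office users reach the web vserver only on its service port
-A INPUT -i nic4 -s 192.0.2.0/24 -d 198.51.100.10 -p tcp --dport 80 -m state --state NEW -j ACCEPT
# the same port for visitors that H1 forwards in from the Internet
-A INPUT -i nic3 -d 198.51.100.10 -p tcp --dport 80 -m state --state NEW -j ACCEPT
# host administration only from the admin workstation
-A INPUT -i nic4 -s 192.0.2.50 -p tcp --dport 22 -m state --state NEW -j ACCEPT
# anything else aimed at H2 or its vservers is logged, then dropped by policy
-A INPUT -m state --state NEW -m limit --limit 10/min -j LOG --log-prefix "H2-drop: "
# the office may go out towards H1 (and the Internet); nothing initiates inward
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i nic4 -o nic3 -s 192.0.2.0/24 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state NEW -m limit --limit 10/min -j LOG --log-prefix "H2-fwd-drop: "
COMMIT
```

Each fragment is loaded on its own host with `iptables-restore < file`. The two rule sets share the software but differ in what they trust: H1 trusts the inside and drops everything new from nic1, while H2 treats the office LAN on nic4 as untrusted and exposes only the one service port. The LOG prefixes are what makes the monitoring idea from the thread workable: netfilter log lines land in the kernel log of the machine that owns the network stack, so on H1 the host can watch the "H1-border-drop:" lines for the rules the 'firewall' vserver maintains without the vserver needing to be reachable from anywhere.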