Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] Offtopic (maybe): Proposal for school network
Hi Philipp,

thank you for your suggestions.

> 2. NIDS. Run a NIDS on all firewalls including one dedicated NIDS
box in your DMZ -> could be instead of your win2k Domaincontroller.
I don't know what a NIDS is. I guess Network Intrusion Detection
System? Well I have not very much knowledge in that sector, but I will
read as much as I can get on NIDS and install one. Thank you for that.

> 3. Domain controller in a dmz: U don't need that. We're talking
about network layers not about application layers.
I think I got that wrong. I thought that every computer in one network
has to be registered in a domain controller, so I setup one for the
DMZ (because this should be a seperate network) and one for the
internal network. I changed that, and uploaded a new draft.

> 4. Windows attached to the internet? If not a must for some reason,
don't do it. Windows is expensive in any way.
The problem is that our administrator doesn't know much about Linux,
and we have to use Windows as a Webserver because the pupils use
Frontpage and ASP for their projects (I know that's lame, but I can't
change that, sorry.)

> 5. Proxy: You'll be fine running it on Firewall2.
ok.

> 6. diversification: Firewall1 OS <> Firewall2 OS.
What OS would you suggest if not both Linux?

Have a nice day,

Christoph



< Previous Next >
References