I have the following idea for a Linux-based firewall, which will hopefully
make it safer to connect a LAN to the Internet.

1. The firewall will be a dedicated machine.
2. Its root filesystem and all software will be burned onto a CD-ROM.  The
   other filesystems (floppy and hard disk) will be mounted.
3. It will boot from a floppy disk (write-protected, of course) - as the
   PC on which I want to implement the idea is older and its BIOS does not
   know how to boot directly from CD-ROM.
4. Any files, which may have to be modified (such as network configuration
   and firewall rules for ipchains), will be stored on the floppy disk.
5. The PC in question has memory and a hard disk - the hard disk will be
   used only for logfiles and temporary files - nothing permanent needs to
   be stored on it or executed from it.

The advantage is that even if the root is compromised, the cracker's
ability to inflict actual damage will be limited.

The question - has anyone already done something similar?
If yes, can he/she share with me any tips on how to actually do this, and
whether, and which, problems I am likely to face while trying to pull off
this feat?
And - is there anything which may prevent me from reaching the ideal of
inability to break into the internal LAN even if the cracker is logged in
as root?

By the way, the organization, which needs a firewall, has a CD-RW drive -
but it is installed in a MS-Windows NT machine.
Is there anything special I have to do to be able to burn ISO9660
compatible CD-ROMs (so that Linux can mount them without problems) on a
MS-Windows NT machine?  (the machine has plenty of hard disk space, so it
is possible to build a CD-ROM image before burning, if necessary). 

                                             --- Omer
WARNING TO SPAMMERS:  see at http://www.zak.co.il/spamwarning.html
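A boot-time sanity check for the layout described in the post, added here as an example (not the poster's code). It assumes the mount points that the post does not name: the CD-ROM root at /, the write-protected floppy at /floppy, and the hard disk used only for /var/log and /tmp; it reads /proc/mounts-style lines and reports any mount that departs from the read-only design.

```sh
#!/bin/sh
# Added example: checks that a running firewall's mount table matches the
# read-only layout described in the post. Assumed mount points: the CD-ROM
# root at /, the write-protected floppy at /floppy, and the hard disk used
# only for /var/log and /tmp. Reads /proc/mounts-style lines from stdin,
# prints one line per violation, and succeeds only when none were found.
check_ro_layout() {
    violations=0
    while read -r dev mnt fstype opts rest; do
        # pseudo filesystems live in memory, not on any disk: ignore them
        case "$fstype" in proc|devpts|tmpfs) continue ;; esac
        writable=0
        case ",$opts," in *,rw,*) writable=1 ;; esac
        case "$mnt" in
            /)
                # the root must be the ISO9660 image and mounted read-only
                if [ "$fstype" != iso9660 ] || [ "$writable" -eq 1 ]; then
                    echo "VIOLATION: root on $dev is $fstype ($opts); expected iso9660,ro"
                    violations=$((violations + 1))
                fi ;;
            /floppy)
                # configuration floppy is write-protected, so it must never be rw
                if [ "$writable" -eq 1 ]; then
                    echo "VIOLATION: floppy $dev mounted rw; should be ro"
                    violations=$((violations + 1))
                fi ;;
            /var/log|/tmp)
                # the only places where the design allows writes
                ;;
            *)
                # any other writable mount is outside the design
                if [ "$writable" -eq 1 ]; then
                    echo "VIOLATION: $mnt ($dev) is writable but not in the design"
                    violations=$((violations + 1))
                fi ;;
        esac
    done
    [ "$violations" -eq 0 ]
}

# Constructed sample (not a real mount table): floppy left rw, /usr on disk.
SAMPLE_MOUNTS='/dev/hdc / iso9660 ro 0 0
/dev/fd0 /floppy ext2 rw 0 0
/dev/hda1 /var/log ext2 rw 0 0
/dev/hda2 /usr ext2 rw 0 0
none /proc proc rw 0 0'

printf '%s\n' "$SAMPLE_MOUNTS" | check_ro_layout \
    || echo "layout does not match the read-only design"
```

On the firewall itself the same check runs as `check_ro_layout < /proc/mounts`, for instance from an rc script right after the hard disk and floppy are mounted.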
