[Konsole-devel] [Bug 36779] Suggest allowing Schema/colors as Konsole command-line option.

Alan Prescott - Systems Support alan.prescott at jarrold.com
Mon Sep 30 11:07:54 UTC 2002


------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
     
http://bugs.kde.org/show_bug.cgi?id=36779     




------- Additional Comments From alan.prescott at jarrold.com  2002-09-30 13:07 -------
Subject: Re: Firewall setup - Stage 1

Ok David I've finally got dsome of this info together. The whole system is something of a mess, primarily because we have inherited a system which was supposed to cover Jarrolds as a whole (Print, Retail and Publishing) and was originally set upon the understanding that there wouldn't be a lot of internet connections. This goes some way to explaining the Class C 194.70.191.0 network. The 150.150.0.0 sub-net range was also in inheritance and we intend to move away from this in the future to the 10.32.0.0/11 sub-net. Again, in the future, we may need to split this sub-net further into departmental levels and put routyers/firewalls between departments. The main reason for this being that CTP may want to put in public web services which may be insecure as far as the rest of the company is concerned..
The attached visio drawings should give the basic details of routers, external links, subnets etc. as these stand at present and how we intend to progress them.
We don't currently have our own Web or FTP servers configured. These should go in the Vio firewall DMZ as and when we set them up. Currently we have the Insite Web Server which is to go via the Vio proxy server service and the MIS web server which is both our internal web server and provides access for external employees.

I doubt that this covers all that you require but I thought it best to send this now so that you can let me know what other info  you want.

- Alan
alan.prescott at jarrold.com 


>>> David Chitolie <dchitolie at vio.com> 24/09/02 11:52:24 >>>
Hi Alan,

As we described earlier on our conference call there will be three stages to
completing the secure installation of your firewall.

Stage 1 -  Information gathering - Lan diagram

A) Network Side - Please include any switches, routers, Sonicwall Firewall
and any external links you have coming into your LAN (eg Vio or any other
leased line, adsl etc).

B) Hosts - It's important for me to know the type of access each machine or
subnet will have, you will need to include host and subnet positions on this
diagram. Hosts can be mail, ftp or web servers etc. I need to know where
they currently fit in your LAN to define a secure policy for inbound access
to these servers.

One way to completely bypass the firewall is to dial up to an ISP etc while
connected to the LAN. If you have any users dialing up from the office to
another LAN (Finance department may dial up to banking or payroll system)
please include the machine that uses the analogue/ISDN line.

If you do not currently have a network diagram I have attached a powerpoint
diagram that can be used as a template. Its not very pretty but it's easy to
change around for your needs.

Once I have this info we can move to stage 2 - Defining inbound access to
servers then last to stage 3 Outbound access definitions.

The actual firewall configuration is the last stage. This policy is not
specific to the Sonicwall, It's a policy you can implement on almost any
firewall.

Regards

David Chitolie
Vio Worldwide Operations
Senior Systems Engineer
Telephone: 01923 698 055
Mobile: 07803 976 030
Vio address: Operations at Vio Worldwide Limited
 





Created an attachment (id=106)
 --> (http://bugs.kde.org/attachment.cgi?id=106&action=view)
subnet.vsd

Created an attachment (id=107)
 --> (http://bugs.kde.org/attachment.cgi?id=107&action=view)
subnet_current.vsd

Created an attachment (id=108)
 --> (http://bugs.kde.org/attachment.cgi?id=108&action=view)
Printing LAN.doc

Created an attachment (id=109)
 --> (http://bugs.kde.org/attachment.cgi?id=109&action=view)
InterScan_Disclaimer.txt



More information about the konsole-devel mailing list