DMZ is the only way to go. You need to segment the network into VLANs and use a Smoothwall box or other Linux/OpenBSD firewall to control the network access into the servers.
Basically, if you only have control over your servers, then make sure no one else can easily get control of any service other than what they should be getting access to. Your internal client network needs to be treated as if it were external.
Extract:
"Ten years out, in terms of actual hardware costs you can almost think of hardware as being free -- I'm not saying it will be absolutely free -- but in terms of the power of the servers, the power of the network will not be a limiting factor," Gates said, referring to networked computers and advances in the speed of the Internet.
So he doesn't mean that hardware will be free, he means that hardware will not be a limiting factor to software design.
Doesn't change the fact that Bill is a bit of an asshat though.