November 12th, 2004, 09:50 PM
scruffy
Sounds like a very interesting project.

I used to work in tech support for Intuit - on QuickTax, not QuickBooks, but I think I got a bit of an overall impression. I wish I could recommend that you use their software on a Mac, but I just can't - at least for QuickTax, the whole Mac product was very much an afterthought - not the sort of product I would trust my finances to at all.

From a security perspective, I would suggest you segregate the different functions as much as possible - don't put VoIP devices on the same networks as desktops - the networks might share the same internet connection, but put them on different firewall interfaces, and don't let anything cross between those two networks. You don't control that equipment, and manufacturers of "not really a computer"-type network devices tend to have very questionable security records.

Think very carefully about wireless - it can be one of the biggest security headaches if it's done wrong, and it can be a lot of overhead to do it right. If you do decide to go with wireless, definitely put it on a different firewall interface from any business-related systems, and consider any traffic coming from it as being as potentially unfriendly as stuff from the internet at large.

Speaking of firewalls, I'd recommend looking to something other than a Mac for that job. The OS X kernel firewall is decent as a host firewall, which you'll probably want to turn on on your internal hosts, but it's not really up to the job of being a business's gateway firewall.

I'm learning about Cisco PIX firewalls just at the moment, so of course I'm all excited about those, but they do cost a pretty penny. Netfilter, the Linux kernel firewall, is really quite good also; you might simply want to go with a very minimal Linux install, with however many interfaces you need.

There is an open source GUI called Firewall Builder (http://www.fwbuilder.org/) that will run on OS X, Linux, and Windows (Windows and OS X binaries cost a little, if you don't want to be bothered with X11 and fink), and will generate firewall scripts for Linux, FreeBSD, OS X, OpenBSD and PIX firewalls. It has some nice features like revision control and such... Might be something to look into to make your life a bit easier.
__________________

What is the robbing of a bank compared to the founding of a bank?
-- Bertolt Brecht

Last edited by scruffy; November 12th, 2004 at 09:55 PM.
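The segmentation recommended in the post above, sketched as an added example that is not part of the original post: a shell function that emits a Netfilter ruleset in iptables-restore format for a Linux gateway with one interface per network, plus a self-check that no rule lets new connections cross between internal networks. The interface names (eth0 to eth3) and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Interface names are assumptions; match them to the real gateway.
WAN_IF=${WAN_IF:-eth0}          # shared internet connection
DESKTOP_IF=${DESKTOP_IF:-eth1}  # business desktops
VOIP_IF=${VOIP_IF:-eth2}        # VoIP devices (equipment you don't control)
WLAN_IF=${WLAN_IF:-eth3}        # wireless, treated like the internet at large

# Print an iptables-restore ruleset: default-drop, each internal network may
# open connections to the internet only, nothing crosses between networks.
gen_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # The gateway itself accepts only loopback and replies to its own traffic;
    # management access (e.g. from the console) is left as a local decision.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Replies to connections that were allowed out may come back in.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for zone in "$DESKTOP_IF" "$VOIP_IF" "$WLAN_IF"; do
        echo "-A FORWARD -i $zone -o $WAN_IF -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
    echo "*nat"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo "-A POSTROUTING -o $WAN_IF -j MASQUERADE"
    echo "COMMIT"
}

# Succeeds only if every rule accepting NEW forwarded traffic exits via the
# WAN interface, i.e. no rule bridges two internal networks.
check_isolation() {
    gen_rules | awk -v wan="$WAN_IF" '
        /^-A FORWARD/ && /--ctstate NEW/ {
            for (i = 1; i < NF; i++)
                if ($i == "-o" && $(i + 1) != wan) bad++
        }
        END { exit (bad ? 1 : 0) }'
}

# Typical use on the gateway, as root:
#   gen_rules | iptables-restore --test   # parse only, do not commit
#   gen_rules | iptables-restore          # load the ruleset
```
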