Re: Securing debian
On Mon, Nov 11, 2002 at 10:03:10AM +1100, Joyce, Matthew wrote:
>
> Hi,
>
> I work with a network, which is part of a much bigger network. The big
> network is managed by someone else.
>
> I am setting up a debian box, it will eventually do mail and web stuff for
> us.
>
> At the moment I have to ask for ports to be opened on our networks router,
> and they are not really happy with me going back to them again and again,
> asking for new ports to be opened.
>
> Should I ask for all access control to be removed from the ip address of the
> box, and then secure the box within debian, or is it well worth having that
> extra level of security on the router ?
>
> The services I want are
>
> To be able to send and receive emails. SMTP
> To access email via IMAP and POP3, including ssl.
> To access apache, including ssl
> To access files via ftp, including ssl.
> To access to bos via SSH
>
> Also, I would like to be able to be abble to offer staff access to our
> network, including nt servers, from their homes, what VPN solutions are
> there available for MAC and Win2k clients to connect through a debain box ?
>
> Thanks
>
> Matt
I wouldn't have everything opened up. Once you have got the new box all
settled down then you will find you don't need to hassle the other
admins anymore. It is just an initial phase.
As for VPN, I have had success with getting freeswan to interoperate
with SSH Sentinel. Mind you, if you are beind some masquerading, you
will be out of luck.
Cheers
Geoff Crompton
Reply to: