Re: Linux network security poll
On Sat, Feb 09, 2008 at 05:18:09PM -0500, Zach wrote:
> I need to get serious about security since I will be soon connected to
> the net almost 24x7 (barring a power outage etc.) so I was wondering
> if list members could explain their security setup (network
> configuration, DMZ, firewalls, IDS, logging, etc.). Also what would
> you recommend for someone like me who is still on an entry level in
> terms of my understanding of Linux and network security and what would
> you recommend for later on down the road once I get more sophisticated? I
> run Debian lenny with a 2.6.18 kernel. I will be getting ADSL next
> week and plan on having a DSL modem/router doing NAT. I only have one
> machine now but plan on adding another one within the next 3 months or
> so.
It all depends on what you intend to do.  If it's just your home box that
will be connected all the time now, and you're not offering services on
the internet, then it's pretty straightforward and should be no
different to what you are doing now.  If you do need a DMZ, then read
the shorewall-doc package, even if you're not going to use shorewall it's
a good document.
Close all ports and only open those ports you need, in all directions,
as default.
Have only those daemons listening which you need to be listening and
only on the interfaces you need.  I.e. if you don't intend to ssh into
your box from the internet, you can tell sshd exactly what interfaces to
listen to (and don't tell it the one for the internet).
Based on other threads I've read recently, it's not obvious that you
should have separate NICs for the internet and your internal network.
You do.  NICs are cheap.  If you only add a second box, you can use a
cross-over cable and don't need a switch.  If you add any other network
device, get a Linksys 5 port switch for $10 or whatever.
Run ntpd to keep the system time synced.  Your firewall box will
hopefully end up stratum 3.  Your other boxes can watch the firewall and
be stratum 4.
Doug.
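
One way to check the "only on the interfaces you need" advice in the message above, as an added example that is not part of the original post: a Python sketch that parses `ss -H -tln` output and reports TCP listeners bound to all interfaces or to a non-internal address. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (not from the original post).
# Assumed layout: 192.168.1.1 is the internal NIC, 203.0.113.7 the internet-facing one.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 192.168.1.1:53 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 203.0.113.7:25 0.0.0.0:*
LISTEN 0 128 *:111 *:*
"""

WILDCARDS = {"0.0.0.0", "::", "*"}

def split_local(field):
    """Split the Local Address:Port column into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return addr, int(port)

def exposed_listeners(ss_output, internal_addrs, allowed_external_ports=()):
    """Return (addr, port, reason) for listeners reachable beyond loopback/internal."""
    internal = {ipaddress.ip_address(a) for a in internal_addrs}
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skip headers, blank lines and non-listening sockets
        addr, port = split_local(cols[3])
        if port in allowed_external_ports:
            continue  # a service deliberately offered to the internet
        if addr in WILDCARDS:
            findings.append((addr, port, "bound to all interfaces"))
            continue
        ip = ipaddress.ip_address(addr)
        if not (ip.is_loopback or ip in internal):
            findings.append((addr, port, "bound to non-internal address"))
    return findings

if __name__ == "__main__":
    for addr, port, reason in exposed_listeners(SAMPLE_SS, ["192.168.1.1"]):
        print(f"{addr}:{port} {reason}")
```

On a live box, feed it the real output of `ss -H -tln` and the address of the internal NIC; each finding is a daemon to rebind to a specific address or to stop.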