Linux firewall/IDS/NAT suggestions

From: Petty, Robert (rpetty_at_DenverNewspaperAgency.com)
Date: 05/30/03

  • Next message: Sandra Hernandez: "deny deleting a file for users"
    To: "Petty, Robert" <rpetty@DenverNewspaperAgency.com>, focus-linux@securityfocus.com
    Date: Fri, 30 May 2003 09:54:37 -0600
    
    

    I am a seasoned admin, working with Solaris, AIX and the fluffy penguin now
    for 8 years or so....

    I have learned quite a lot about the trade, including to be very cautious
    about proclaiming a system to be secure if I don't absolutely positively
    kinda believe it is....

    Thus my question:

    I want to set up a Linux firewall for a small network of 15 machines
    connected live to the internet via broadband. I don't want to put something
    in place that has a glaring hole I don't know about that makes the
    installation more insecure with a false sense of security.

    Which kernel would be best? 2.0.x, 2.2.x, or 2.4.x?

    Should snort be running on the firewall machine or another machine? If on
    another machine, should I put the firewall and IDS box on a hub as the first
    hop so they both see the same traffic? The customer's router is not
    manageable (Linksys) and they have no budget for a Cisco Router or PIX.

    The Linux box will serve as a secondary NAT layer, any pitfalls with this?

    Should SSH go to the firewall machine or be passed through to an internal
    Linux box?

    Should the NAT and Firewall rules be written and maintained on CD-R media so
    a malicious attacker cannot hide rule changes? Should the firewall be
    re-initialized on a schedule to ensure the live rules are those from the
    read-only media?

    Last, but not least, what's a good HowTo that can be used as a basis? I
    would prefer one that starts off a little more strict so I can simplify
    rather than have to bone up on all of the current vulnerabilities.

    Thanks for any replies!

    Robert
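
One way to do the scheduled check the message asks about, comparing the live rules with a copy held on read-only media. This is an added example, not part of the original post; the mount point, file names and sample rule dumps are assumptions constructed for illustration.

```shell
# Added example. Paths, file names and the sample dumps are constructed.
# Drop comment lines (they carry timestamps) and zero packet/byte counters
# so that only rule content is compared.
normalize_rules() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*\]/[0:0]/' "$1"
}

# rules_drift BASELINE LIVE
# Returns 0 when both dumps hold the same rules, 1 (and prints a diff) on drift.
rules_drift() {
    base_n=$(mktemp) || return 2
    live_n=$(mktemp) || { rm -f "$base_n"; return 2; }
    normalize_rules "$1" > "$base_n"
    normalize_rules "$2" > "$live_n"
    if diff -u "$base_n" "$live_n"; then rc=0; else rc=1; fi
    rm -f "$base_n" "$live_n"
    return "$rc"
}

# Write constructed sample dumps (iptables-save format) into directory $1.
make_samples() {
    cat > "$1/baseline" <<'EOF'
# Generated by iptables-save (constructed sample, baseline)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
    # Same rules, different comment and counters: must not count as drift.
    sed -e 's/baseline/live/' -e 's/\[0:0\]/[4711:90210]/' \
        "$1/baseline" > "$1/live_ok"
    # One rule present that the baseline does not have: drift.
    sed -e '/-i lo/a\
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT' "$1/baseline" > "$1/live_changed"
}

# Demo on the constructed samples: prints the diff, then "drift detected".
d=$(mktemp -d) && make_samples "$d"
rules_drift "$d/baseline" "$d/live_changed" || echo "drift detected"
rm -rf "$d"

# On the firewall itself (assumed mount point and file name):
#   iptables-save > /tmp/live.rules
#   rules_drift /mnt/cdrom/rules.baseline /tmp/live.rules ||
#       iptables-restore < /mnt/cdrom/rules.baseline
```

Run from cron, this only reports or reverts rule drift; it does not show whether the box itself, including the `iptables` binaries doing the comparison, is still trustworthy.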

