Linux firewall/IDS/NAT suggestions
From: Petty, Robert (rpetty_at_DenverNewspaperAgency.com)
To: "Petty, Robert" <rpetty@DenverNewspaperAgency.com>, firstname.lastname@example.org Date: Fri, 30 May 2003 09:54:37 -0600
I am a seasoned admin, working with Solaris, AIX and the fluffy penguin now
for 8 years or so....
I have learned quite a lot about the trade, including to be very cautious
about proclaiming a system to be secure if I don't absolutely positively
kinda believe it is....
Thus my question:
I want to setup a Linux firewall for a small network of 15 machines
connected live to the internet via broadband. I don't want to put something
in place that has a glaring hole I don't know about that makes the
installation more insecure with a false sense of security.
Which kernel would be best? 2.0.x, 2.2.x, or 2.4.x?
Should snort be running on the firewall machine or another machine? If on
another machine, should I put the firewall and IDS box on a hub as the first
hop so they both see the same traffic? The customer's router is not
manageable (linksys) and they have no budget for a Cisco Router or PIX.
The Linux box will serve as a secondary NAT layer, any pitfalls with this?
Should SSH go to the firewall machine or be passed through to an internal
Should the NAT and Firewall rules be written and maintained on CD-R media so
a malicious attacker cannot hide rule changes? Should the firewall be
re-initialized on a schedule to ensure the live rules are those from the
Last, but not least, what's a good HowTo that can be used as a basis? I
would prefer one that starts off a little more strict so I can simplify
rather than have to bone up on all of the current vulnerabilities.
Thanks for any replies!