Re: Linux firewall/IDS/NAT suggestions

From: David Nichols (dnichols_at_amci.com)
Date: 06/02/03

    To: "Petty, Robert" <rpetty@DenverNewspaperAgency.com>
    Date: Mon, 2 Jun 2003 10:41:21 -0400
    
    

    ----- Original Message -----
    From: Petty, Robert <rpetty@DenverNewspaperAgency.com>
    To: Petty, Robert <rpetty@DenverNewspaperAgency.com>;
    <focus-linux@securityfocus.com>
    Sent: Friday, May 30, 2003 11:54 AM
    Subject: Linux firewall/IDS/NAT suggestions

    > Which kernel would be best? 2.0.x, 2.2.x, or 2.4.x?

    I'd also go with 2.4 because it's the active kernel and I don't think
    iptables is supported on anything else. I'd definitely use iptables for the
    state processing it offers. Just be sure to use up-to-date drivers on all
    NICs.

    > Should the NAT and Firewall rules be written and maintained on CD-R media so
    > a malicious attacker cannot hide rule changes? Should the firewall be
    > re-initialized on a schedule to ensure the live rules are those from the
    > read-only media?

    There's no reason why you can't put the whole system on CDR and write
    protected floppy and boot the whole thing into a RAM disk. If it's ever
    compromised, change the vulnerable/cracked parts and reboot. The Sentry
    firewall project does this. See
    www.sentryfirewall.com for details. It's based on the Slackware distro
    last time I checked. Another choice is IPCop
    (http://ipcop.org/cgi-bin/twiki/view/IPCop/WebHome). I've never played with it
    but saw it listed elsewhere on the list.

    > Last, but not least, what's a good HowTo that can be used as a basis? I
    > would prefer one that starts off a little more strict so I can simplify
    > rather than have to bone up on all of the current vulnerabilities.

    Sentry has a posted mini-howto. There are also several HOWTOs on filtering:
        Linux 2.4 Packet Filtering
        Linux netfilter Hacking
        Netfilter Extensions
        Linux 2.4 NAT
    There's also an iptables tutorial by Oskar Andreasson.

    > Thanks for any replies!

    No Problem!
    David
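
One way to check whether the live rules are still those kept on the read-only media, as an added example that is not part of the original message. It assumes both rulesets are available as dumps in iptables-save format; the function names are hypothetical and the sample dumps are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes iptables-save format dumps.

# Drop what changes without any rule change: comment lines (they carry a
# timestamp) and [packets:bytes] counters. Rule order is kept as-is because
# order is significant to the packet filter.
normalize_rules() {
    sed -e 's/[[:space:]]*$//' -e '/^#/d' -e '/^$/d' \
        -e 's/^\(:[^ ]* [^ ]*\) \[[0-9]*:[0-9]*\]$/\1/' \
        -e 's/^\[[0-9]*:[0-9]*\] //'
}

# rules_match BASELINE LIVE -> 0 same ruleset, 1 differs (prints a unified
# diff), 2 when a file is unreadable or a temp file cannot be created.
rules_match() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    base_tmp=$(mktemp) || return 2
    live_tmp=$(mktemp) || { rm -f "$base_tmp"; return 2; }
    normalize_rules < "$1" > "$base_tmp"
    normalize_rules < "$2" > "$live_tmp"
    if diff -u "$base_tmp" "$live_tmp"; then rc=0; else rc=1; fi
    rm -f "$base_tmp" "$live_tmp"
    return "$rc"
}

# Constructed sample dumps (not captured from a real host), written to dir $1.
write_samples() {
    cat > "$1/baseline" <<'EOF'
# Generated by iptables-save on Mon Jun  2 10:00:00 2003
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
    # Same rules after some uptime: new timestamp, non-zero counters.
    sed -e 's/10:00:00/16:30:00/' -e 's/\[0:0\]/[1523:99120]/' \
        -e 's/^-A/[42:3360] -A/' "$1/baseline" > "$1/live_clean"
    # Policy loosened and one rule added before COMMIT.
    { sed -e 's/^:INPUT DROP/:INPUT ACCEPT/' -e '/^COMMIT$/d' "$1/live_clean"
      printf '%s\n' '[0:0] -A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT' 'COMMIT'
    } > "$1/live_changed"
}
```

In use, the baseline would be the dump stored on the CD-R and the live file the current output of `iptables-save`, compared on a schedule. A plain diff without the normalization step reports a difference on every run because of the timestamp and counters.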

