RE: Securing Fedora Core 4

From: Will Yonker (aragonx_at_dcsnow.com)
Date: 09/23/05

  • Next message: Charles Heselton: "RE: Securing Fedora Core 4"
    Date: Fri, 23 Sep 2005 12:10:41 -0400 (EDT)
    To: charles.heselton@gmail.com
    
    

    <quote who="Charles Heselton">
    > Like I said, they all provide the same outcome. They all are
    > glorified wrappers for iptables, so they all have the same ultimate
    > effect. I believe shorewall is a little more "low-level", and may
    > provide more of the granularity that you are probably looking for. I
    > haven't used shorewall, so I can't say for sure. If that one doesn't
    > work out, I would recommend finding/writing a script (at least) to
    > manage your iptables configuration. It makes for easy management and
    > configurability, and you also are less likely to "fat-finger"
    > something. ;-)

    I guess I'm really afraid of missing something important when creating my
    own firewall, like some spammer domains and/or IP addresses I don't know
    about that I should block...

    >> > 7. If you have another mail host for external mail
    >> > (administrative messages and such), configure sendmail to only
    >> > send mail internally (local system). You can configure spam
    >> > assassin if you want, but unless you're actually transferring
    >> > bulk mail, you don't really need it, nor the other 3 spam filters
    >> > you listed.
    >>
    >> The hosts will receive email for the domain so spam filters
    >> are required.
    >
    > So, every host will be an MTA?

    No, but every Linux machine will. The client machines run Windows XP.
    There are 3 offices at 3 different sites with 3 different domain names...

    > Well, once you get the general gist down, you can break it up and
    > simplify it into a checklist. Someone else mentioned that security
    > is an attitude. This is true. It's a way of thinking about how you
    > manage your systems. Identify your critical assets, i.e. what data
    > are you trying to protect? Then, build your protection scheme from
    > the inside out.

    I'm trying to achieve 2 things. Protect these servers from hostiles on
    the Internet and protect the users from themselves (spam and content
    filtering). :(

