RE: Securing Fedora Core 4

From: Will Yonker (aragonx_at_dcsnow.com)
Date: 09/23/05

  • Next message: Charles Heselton: "RE: Securing Fedora Core 4"
    Date: Fri, 23 Sep 2005 12:10:41 -0400 (EDT)
    To: charles.heselton@gmail.com
    
    

    <quote who="Charles Heselton">
    > Like I said, they all provide the same outcome. They all are
    > glorified wrappers for iptables, so they all have the same ultimate
    > effect. I believe shorewall is a little more "low-level", and may
    > provide more of the granularity that you are probably looking for. I
    > haven't used shorewall, so I can't say for sure. If that one doesn't
    > work out, I would recommend finding/writing a script (at least) to
    > manage your iptables configuration. It makes for easy management and
    > configurability, and you also are less likely to "fat-finger"
    > something. ;-)

    I guess I'm really afraid of missing something important when creating my
    own firewall, like some spammer domains and/or IP addresses I don't know
    about that I should block...

    >> > 7. If you have another mail host for external mail
    >> > (administrative messages and such), configure sendmail to only
    >> > send mail internally (local system). You can configure spam
    >> > assassin if you want, but unless you're actually transferring
    >> > bulk mail, you don't really need it, nor the other 3 spam filters
    >> > you listed.
    >>
    >> The hosts will receive email for the domain so spam filters
    >> are required.
    >
    > So, every host will be an MTA?

    No but every Linux machine will. The client machines run Windows XP.
    There are 3 offices at 3 different sites with 3 different domain names...

    > Well, once you get the general gist down, you can break it up and
    > simplify it into a checklist. Someone else mentioned that security
    > is an attitude. This is true. It's a way of thinking about how you
    > manage your systems. Identify your critical assets, i.e. what data
    > are you trying to protect? Then, build your protection scheme from
    > the inside out.

    I'm trying to achieve 2 things. Protect these servers from hostiles on
    the Internet and protect the users from themselves (spam and content
    filtering). :(


  • Next message: Charles Heselton: "RE: Securing Fedora Core 4"

    Relevant Pages

    • RE: Securing Fedora Core 4
      ... >> to manage your iptables configuration. ... Protect these servers from ... all comes from "hostiles on the Internet". ... your money maker?" ...
      (Focus-Linux)
    • Re: [kde] SSL/TLS-configuration in KDE 4.3
      ... but maybe the kmail start up password explains this. ... thread eventually suggested that I should really use kwallet to protect ... to a crash and faulty fsck/journal-replay, tho. ... specifically at a linux machine. ...
      (KDE)
    • Re: Allow telnet to only one IP using host.deny or host.allow
      ... or only iptables ?? ... One could argue that this is no "perfect" way. ... And that multiple ... efforts to protect yourself is the best way. ...
      (Fedora)
    • Re: does iptables 100% safe for my LAN ?
      ... > iptables can protect you from outside (read from the internet) exploits. ... What exactly is different about the LAN interface that iptables ...
      (comp.os.linux.security)
    • Re: TCPIP SMTP receiver issues (SYSTEM-F-NOLINKS)
      ... firewall either on dedicated hardware or on the box itself eg Linux Iptables. ... And one can protect an IP-only machine by fronting it with a machine ... SAME protocol suite which with IPtables is done on the same machine. ... Security team leader ...
      (comp.os.vms)