RE: E-smith Linux firewall

From: Gregory_DeGennaro_at_csaa.com
Date: 07/17/01

• Vorherige Nachricht: Jeffory Atkinson: "Re: packet capture"
• Nachrichten sortiert nach: [ Datum ] [ Thread ] [ Subject ] [ Autor ] [ Attachement ]

---

Netmax is good to. However, I use BSD at home with IPF and I like it
better. I have more control with no problems. Of course, it comes with the
price of Unix CLI admin instead of GUI admin.

I ran Nmap and other tools against it and I have not seen any breaches. I
just added snort and will be adding other tools in the very near future.

I am going to buy two 2514s for cheap, thanks to the market, and add them to
the network. Of course, this is over kill for a home network but it is good
practice with Cisco, Unix, and computer security.

Greg

-----Original Message-----
From: katbert_at_pc.jaring.my [mailto:katbert_at_pc.jaring.my]
Sent: Monday, July 16, 2001 6:22 PM
To: security-basics_at_securityfocus.com
Subject: Re: E-smith Linux firewall

On Thu, Jul 12, 2001 French, Mark wrote:

> A colleague has recently purchased E-Smith for his home network, and I
felt
> it it would be a good idea to get opinions from this list as to wether or
> not he should keep it. Does anyone have any opinions as to how it compares
> with others on the market?.

E-smith's firewalling makes use of ipchains. E-smith is actually a
re-packaging of Redhat Linux (E-smith 4.1 is built on RedHat 7.0 with
patches) stripped of all unnecessary services and programs. What is deemed
necessary include the logging, email, firewall, web, web proxy, tcpwrapper,
DNS, file sharing (windows and Mac support), dial-up networking, vpn, ssh
services. So what you have is a Linus server and/or gateway configured to
run only certain services with their configuration by default set up in a
consistent secure manner. As far as the firewall capabilities go, it is
standard ipchains but the out-of-box installation enforces a pretty good
security policy.

What makes this product interesting and useful especially for those new to
Linux/UNIX is that the configuration is done using a web interface for all
the services supported by E-smith. Interfaces for new services or
applications can be written and integrated into this.

---

• Vorherige Nachricht: Jeffory Atkinson: "Re: packet capture"
• Nachrichten sortiert nach: [ Datum ] [ Thread ] [ Subject ] [ Autor ] [ Attachement ]

---

Relevant Pages Re: SBS R2 ISA2004 Dark Arts ... ISA in SBS as intended or you'll get into trouble. ... I have to get the back firewall configuration to work with the ... network in the rules/policies. ... (microsoft.public.windows.server.sbs) Re: wireless and router; security issue ... issues like yours (and allow configuration with AD group policy). ... and the filesharing service of my network connection. ... The firewall I have is McAfee firewall 7.x, ... (microsoft.public.security) Re: SBS R2 ISA2004 Dark Arts ... Right now the front firewall is not an ISA ... NIC-2 faces the internal "Live" network. ... I have to get the back firewall configuration to work with the ... (microsoft.public.windows.server.sbs) Re: Why do I need a software firewall? ... I agree that spending time with host based configuration on every ... software firewall crashes, is diabled by nefarious software run on the ... first things the support technician has them do is disable any ... vulnerable to network based attacks. ... (comp.security.misc) Unexpected client authentication popup when using IE and Web Proxy ... Firewall is configured with an access rule that allows all outbound traffic ... from entire Internal Network to External Network for "All Users". ... one "Integrated Authentication" and the "Require all users to authenticate" ... configuration to use the web proxy. ... (microsoft.public.isa)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)