Re: Home Security.
From: Steve Bremer (steveb@nebcoinc.com)
Date: 05/01/02
From: "Steve Bremer" <steveb@nebcoinc.com>
To: "Pearson, Andrew" <Andrew_Pearson@adc.com>
Date: Wed, 1 May 2002 14:25:47 -0500
Hi Andrew,
> 1) What is the best operating system / firewall software combination to use on the firewall machine? (I think I'd prefer to use a MS product though)
Ouch, start off with a question of religion :-) If you are most
comfortable with a m$ OS, you should use that assuming you
know how to secure it and have software that can provide the
features necessary for a firewall (packet filtering and/or proxying).
If you want to dig into another OS (to learn something new) as an
option for a firewall, but don't want to worry too much about
security, I'd recommend OpenBSD. OpenBSD probably has the
safest "out of the box" installation (e.g. very few, if any external
services running). OpenBSD also supports IPSec (for creating a
VPN) and packet filtering.
Another option to try is Linux. It supports IPSec if you apply the
Freeswan kernel patch and it provides nice packet filtering
capabilities. Where you have to be careful with Linux is that many
distributions of Linux turn on a lot of services by default that you
don't need and shouldn't be exposed to the internet. If you want to
learn about securing a *nix server, this will provide some good
hands on experience. I'm not saying Linux is insecure, just some
of the services that get installed by default are not meant to be
exposed to a hostile environment (e.g. the Internet).
There are many Linux distros that have been scaled down that are
intended for use as a firewall. Most of them can run off of a single
floppy disk and don't enable services by default. Check out
leaf.sourceforge.net and look for "Bering".
> 2) My ADSL line which connects to the firewall uses USB, so is it still a router, since it doesn't have 2 NICs?
This should still work. There are network capable USB devices.
> 3) Obviously, my firewall machine will have to act as a router, so what is the best software to use to achieve this?
Depends on the OS. For m$ windows, I have no idea. For Linux,
I'd use iptables. For OpenBSD I'd use packet filter or IPF.
> 3) I've got Win 2000 Server as my server machine, but I can't seem to Install any Anti-Viral software or Firewall software... Is this just my machine, or is it a problem with Win 2000?
Can't help you there.
> 4) If I want to make my network secure, are there any other products I should invest in, besides Anti-Virus and Firewall software?
A network intrusion detection system can be helpful, but they can
be quite expensive unless you're willing to set one up yourself (e.g.
snort).
> 5) Lastly, what would I need (besides telnet) to use to access my Linux box from the server securely? (If the server is an MS-OS) would Exceed do it?
Never use telnet to access any box if it can be avoided. All
information is passed cleartext and your passwords can be sniffed
off the wire. I'd recommend OpenSSH. It is a free version of SSH
that allows you to login to remote hosts using an encrypted
session (and a lot more).
Steve Bremer
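
The following is an added example, not part of the original message: a small shell check for the two points above about Linux default services and telnet. It assumes input in the format printed by `ss -H -tuln` (iproute2); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sockets that listen on non-loopback addresses,
# i.e. the services a default install would expose to the network.

# Constructed sample in the column layout of `ss -H -tuln`
# (Netid State Recv-Q Send-Q Local:Port Peer:Port); not from a real host.
sample_listeners() {
cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5          127.0.0.1:631        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128             [::]:23            [::]:*
tcp   LISTEN 0      100            [::1]:25            [::]:*
EOF
}

# Reads ss-style lines on stdin and prints "proto address port note"
# for every socket that is not bound to a loopback address.
exposed_listeners() {
    awk '
    {
        ep = $5                          # local address:port column
        if (!match(ep, /:[^:]*$/)) next  # locate the last colon (IPv6-safe)
        port = substr(ep, RSTART + 1)
        addr = substr(ep, 1, RSTART - 1)
        gsub(/\[/, "", addr)             # strip IPv6 brackets
        gsub(/\]/, "", addr)
        # Loopback-only listeners are not reachable from other hosts.
        if (addr ~ /^127\./ || addr == "::1") next
        # TCP port 23 is telnet: credentials cross the wire in cleartext.
        note = ($1 == "tcp" && port == "23") ? "cleartext-telnet" : "review"
        print $1, addr, port, note
    }'
}

# Demonstration on the constructed sample.
sample_listeners | exposed_listeners
```

On a live host the same function can be fed with `ss -H -tuln | exposed_listeners`; every line it prints is a service to disable, bind to loopback, or filter at the firewall.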