Re: Advanced Firewall Techniques

From: David Ziggy Lubowa (ziggy@one2net.co.ug)
Date: 07/24/02


Date: Wed, 24 Jul 2002 11:03:02 +0300 (EAT)
From: David Ziggy Lubowa <ziggy@one2net.co.ug>
To: Eric Friedrich <limited@nycap.rr.com>


ummh well unfortunately for OpenBSD it does not have the flexibility of
FreeBSD i.e the ports where you can do a port upgrade with ease , IIRC you
have to download the tarballs and install them manually , i would not go
for OpenBSD just cause it is said to be secure i would also look at the
ease of upgrading and patching any running services. As for protecting
yourself from services which have vulnerabilities all i can suggest is
that you keep updating your box and have a tight firewall which shall only
allow what is needed and block the rest.

cheers

David Ziggy Lubowa
Systems Administrator
One2net (U)
7th Floor Workers Hse
Tel: +256 41 345466
Mob: +256 77 769064
Fax: +256 41 345468
Web: www.one2net.co.ug
-----------------------------------
A Network Of People And Technology |
-----------------------------------

On Sat, 1 Jan 2000, Eric Friedrich wrote:

> I've sucessfully set up a home LAN with NAT, OpenBSD firewall, and all
> the goodies. However, I'm wondering what the next step is. As far as
> system maintenance, I know that all OS's require constant patches, but I
> have no idea what that involves as far as OpenBSD goes, is there a
> program out there which will update the system for me?
> Also, I've heard of attacks using other protocols, and such, what
> other security measures can I implement aside from only opening the
> necessary ports with PF? Is there anything to protect against non tcp
> attacks, DOS attacks and other ones I'm not mentiong? Thanks,
>
> limited
>
>
>