Re: Secured Linux box for Windows access

From: Matthew White (jbloggs000_at_yahoo.com)
Date: 02/11/04

    Date: Thu, 12 Feb 2004 03:16:53 +1100 (EST)
    To: security-basics@securityfocus.com
    
    

    Firstly I'd like to thank those people who responded to my questions
    (both on and off the list - particularly Richard's :)

    Briefly the responses I received centred around the following:
    * Remote admin via OpenSSH
    * Client access via WinSCP, sftp etc...

    Having done some research into them since, they do look good, however I do have
    one other requirement I didn't mention that may change things.

    Because some of the client machines are similar to public kiosks, and
    some of the data on the server is important to some users I'd really like to
    avoid the necessity for users to drag and drop / copy / ftp to the local
    machine. On the client side, I can automatically remove temp files, harden up
    Word (as much as is possible of course) and generally look after the security
    of the client box but all of that is moot if the user forgets to copy the file
    back, or to delete it after copying it back. Therefore if possible I'd like to
    have the Windows system access it directly via a UNC share (hence the question
    about Samba and OpenVPN) where it saves it back to the server each time. Is
    this possible? What do I need to do to achieve this objective?

    One last thing. Since the suggestions came in about which version of Linux to
    use, I've downloaded (much to my network admins' chagrin) and set up a
    few different versions already. I admit that I'm fine with the concepts but am
    struggling with the Linux side and its configuration. Where would you guys
    suggest I look for information on setting up a Linux server - preferably
    starting with an overview then moving to more detail (eg "First you need to
    secure your network connection, passwords, updates, etc. To harden the
    password use MD5 --> To do that go to /etc/..."). Are there any good websites
    or newsgroups you'd suggest?

    Matthew.

    > |Hello all,
    > |
    > |Having been a Windows administrator for many years I've finally taken
    > |the plunge and started in earnest to learn about Linux. So far I'm
    > |enjoying it as I've gotten all of the crucially important services to
    > |my test box - games, office apps and Wine. Seriously however I'm
    > |really curious about how to set up a remote data service for my
    > |Windows clients.
    > |
    > |Ideally, if I could have my Windows clients to be able to map a drive
    > |or use a UNC share to the Linux box that would be perfect - this way
    > |I'd not have to greatly retrain them.
    > |
    > |The difficult parts are that I'll need the server to be accessible over
    > |the Internet, for it to be Open Source or low cost and to be able to
    > |administer the box remotely also.
    > |
    > |
    > |Here's what I've picked up so far:
    > |I need a form of encryption and preferably a form of authentication.
    > |* On the server I think I need: Linux, Samba, OpenVPN server (or
    > |similar VPN server), Webmin (and therefore Apache).
    > |* On the client I need OpenVPN client (or other VPN client).
    > |Authentication, however, I don't know what to choose.
    > |
    > |
    > |Q. I'm using Mandrake and finding it easy to use. Generally though
    > |I'm the one telling people that Security is inversely proportional to
    > |Convenience so I wonder if the ease of use with Mandrake comes at the
    > |price of being less secure. If so is there a better flavour of Linux
    > |to use? (eg I've heard of Trustix but know almost nothing about it).
    > |
    > |Q. Would it be feasible / recommended to only store PGP/GPG files on
    > |this datastore location as it is just sitting out there on the net
    > |and not under daily scrutiny like my client machines, or is there
    > |some flaw in my strategy that makes this just misplaced paranoia?
    > |
    > |Q. What sort of protective logging can I do for it? Is it wise to
    > |have it notify me of possible security abnormalities? If so what
    > |products would you suggest?
    > |
