Re: General firewall question
From: Barton L. Phillips (bartonphillips_at_sbcglobal.net)
Date: 03/14/05
Date: Mon, 14 Mar 2005 16:27:40 GMT
Aaron wrote:
>>If you "throw applications to the side", what is the point of being
>>connected?
>>
>>> That is not my plan, but that is the root of my question.
>>
>>With all due respects, and maybe I didn't understand your messages, but,
>>...
>>either you should take full responsibility for the security of your system
>>yourself, or else you should find a way to work agreeably with whomever
>>has been assigned that responsibility.
>
> All I'm trying to do here is simplify the question. Basically, if I
> have a properly configured firewall, and ignoring for the moment
> vulnerabilities in user applications, are there any other remote
> access security issues to worry about?
>
Iptables is a very good firewall. It can be somewhat difficult to
configure. A well designed iptables configuration is quite safe -- but
as I said it is hard to configure. After you get a trial configuration
you should test it out 1) from outside and 2) from inside. The testing
can be tricky also.

It is my experience that people new to iptables do not do a very good
job with their first few (sometimes many) trial configurations. If you
are new to iptables then you should expect that your first tries will
not be 24/7 secure. If you have the help of a seasoned administrator you
should ask that person for help and advice. Also, even if you have an
administrator be careful as even seasoned professionals sometimes don't
get the configuration right the first time.

For your trial configurations I would suggest more rather than less
logging. Log not only denied but also initial allowed connections. Then
carefully review your logs while doing your testing. Once you get a
configuration you are happy with you can remove some of the 'allow'
logging. I usually log initial connections for ssh, and ftp as my site
does not have a lot of this traffic. I also have ssh and ftp
restricted to specific users and force them to use strong passwords --
that is, regular users CAN NOT change their passwords!

As others have said many times in this group "security is a process".
You should revisit your security plans on a regular basis and
periodically do all the testing and monitoring of your logs again and
again. It is a lot of work but it seems to be necessary.

I hope this helped.
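
The log review step suggested in the message above, as an added example that is not part of the original post: a small summariser for iptables LOG lines covering both denied and initial allowed connections. The rules in the comments, the `FW-ALLOW-NEW` / `FW-DENY` prefixes, the function names and the sample log lines are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Rules assumed to produce the lines below (prefix names are this example's choice):
#   iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#   iptables -A INPUT -p tcp -m multiport --dports 21,22 -m state --state NEW \
#            -j LOG --log-prefix "FW-ALLOW-NEW: "
#   iptables -A INPUT -p tcp -m multiport --dports 21,22 -m state --state NEW -j ACCEPT
#   iptables -A INPUT -j LOG --log-prefix "FW-DENY: "
#   iptables -A INPUT -j DROP

# Constructed, abbreviated kernel log lines (documentation addresses only).
sample_log() {
cat <<'EOF'
Mar 14 16:01:02 gw kernel: FW-ALLOW-NEW: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40112 DPT=22 SYN
Mar 14 16:01:09 gw kernel: FW-DENY: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=23 SYN
Mar 14 16:01:12 gw kernel: FW-DENY: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=23 SYN
Mar 14 16:02:30 gw kernel: FW-DENY: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51004 DPT=445 SYN
Mar 14 16:03:44 gw kernel: FW-ALLOW-NEW: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40120 DPT=21 SYN
Mar 14 16:04:10 gw kernel: FW-DENY: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 PROTO=ICMP TYPE=8 CODE=0
Mar 14 16:05:00 gw kernel: eth0: link up
EOF
}

# Read kernel log lines on stdin and print "count prefix proto src dport",
# most frequent first. Lines without a firewall prefix are ignored;
# protocols without a destination port (e.g. ICMP) show "-" as the port.
summarize_fw_log() {
    awk '
    {
        prefix = ""; src = ""; proto = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^FW-[A-Z-]+:$/)  prefix = substr($i, 1, length($i) - 1)
            else if ($i ~ /^SRC=/)     src    = substr($i, 5)
            else if ($i ~ /^PROTO=/)   proto  = substr($i, 7)
            else if ($i ~ /^DPT=/)     dpt    = substr($i, 5)
        }
        if (prefix != "" && src != "") n[prefix " " proto " " src " " dpt]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# Run against the constructed sample; for real use, feed it the kernel log instead.
sample_log | summarize_fw_log
```

During testing, every probe sent from outside should show up under one of the two prefixes; a probe that appears under neither points at a rule that accepts or drops traffic ahead of the logging rules.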