[plug] LAN security
Leon Brooks
leon at brooks.fdns.net
Sun Jun 9 20:38:24 WST 2002
On Sun, 9 Jun 2002 18:06, Richard wrote:
> Just a general question. I am about to set up apache, squid and bind
> (and possibly an ftp server) on our home LAN, and I was wondering
> whether to set them up on the Internet gateway machine or one of the
> hosts behind the gateway, from a security perspective. Apache (and ftp)
> will be visible to the wider Internet as well as the LAN. Any thoughts,
> or good sites anyone could point me to?

KISS. Put it on the gateway.

If worried, jail the offending services. Do use the latest version of
everything (BIND 9.2.1, OTToMH, Apache 1.3.24, ProFTPd at least 1.2.5, Squid
2.4STABLE4). Use iptables filtering to block all incoming except replies to
outbound, plus those services, plus ICMP.

Cheers; Leon
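
[Added example, not part of the original message] The filtering policy described in the reply (drop all incoming, allow replies to outbound, the hosted services and ICMP), written as a generator for an iptables-restore ruleset using the conntrack match of current iptables. The interface names, the port lists, the split between public and LAN-only services, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a gateway that also
# runs the services. Assumptions (not from the post): eth0 faces the
# Internet, eth1 faces the LAN, Squid listens on its default port 3128,
# and BIND and Squid serve LAN clients only.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
PUBLIC_TCP="${PUBLIC_TCP:-80 21}"   # Apache and FTP control, open to everyone
LAN_TCP="${LAN_TCP:-53 3128}"       # BIND (TCP) and Squid, LAN side only
LAN_UDP="${LAN_UDP:-53}"            # BIND (UDP), LAN side only

# Accept only decimal port numbers in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_rules() {
    # Validate everything first so a typo never yields a partial ruleset.
    for p in $PUBLIC_TCP $LAN_TCP $LAN_UDP; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"        # default: block all incoming
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to outbound traffic. FTP data connections only match RELATED
    # when the kernel's FTP connection-tracking helper is in use.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -p icmp -j ACCEPT"
    for p in $PUBLIC_TCP; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $LAN_TCP; do
        echo "-A INPUT -i $LAN_IF -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $LAN_UDP; do
        echo "-A INPUT -i $LAN_IF -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # LAN hosts may open connections outward; only replies come back in.
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    echo "-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "COMMIT"
}

# Print the ruleset only when asked, e.g.: sh gateway-rules.sh --print
if [ "${1:-}" = "--print" ]; then gen_rules; fi
```

The output can be checked with `iptables-restore --test` before it is loaded; NAT for the LAN lives in a separate table and is not covered here.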