[plug] Securing Redhat 9.0
Leon Brooks
leon at cyberknights.com.au
Tue Oct 18 20:11:34 WST 2005
On Tuesday 18 October 2005 19:42, Kathryn wrote:
> A firewall (pix maybe) will be going in front.
The machine itself will do a pretty respectable firewall. There are also
many handy-dandy shell scripts (like monmotha) to do the footwork for
you. A firewall will, however, not magically protect obsolete or
Windows services.
Also, did you know that there are entire multi-thousand-dollar courses
on how to set up a $1500 PIX? It's not a drop-in fire-and-forget
appliance. If you want something like that, spring for a FortiGate
(circa $1000) and the updates for it. It also does antivirus and
antispam filtering, which is why you pay for updates.
You can protect webservers by reverse-proxying them through Squid or the
like, and adding a handful of rules to discard anything unexpected. You
can protect an email server by relaying in through something
bulletproof like PostFix, EXIM or QMail and again adding a handful of
rules to discard obnoxia. Many services can be protected like this.
Cheers; Leon
--
http://cyberknights.com.au/ Modern tools; traditional dedication
http://plug.linux.org.au/ Member, Perth Linux User Group
http://slpwa.asn.au/ Member, Linux Professionals WA
http://osia.net.au/ Member, Open Source Industry Australia
http://linux.org.au/ Member, Linux Australia
More information about the plug
mailing list