[plug] Securing Redhat 9.0

Leon Brooks leon at cyberknights.com.au
Tue Oct 18 20:11:34 WST 2005


On Tuesday 18 October 2005 19:42, Kathryn wrote:
> A firewall (pix maybe) will be going in front.

The machine itself will do a pretty respectable firewall. There are also 
many handy-dandy shell scripts (like monmotha) to do the footwork for 
you. A firewall will, however, not magically protect obsolete or 
Windows services.

Also, did you know that there are entire multi-thousand-dollar courses 
on how to set up a $1500 PIX? It's not a drop-in fire-and-forget 
appliance. If you want something like that, spring for a FortiGate 
(circa $1000) and the updates for it. It also does antivirus and 
antispam filtering, which is why you pay for updates.

You can protect webservers by reverse-proxying them through Squid or the 
like, and adding a handful of rules to discard anything unexpected. You 
can protect an email server by relaying in through something 
bulletproof like PostFix, EXIM or QMail and again adding a handful of 
rules to discard obnoxia. Many services can be protected like this.

Cheers; Leon

-- 
http://cyberknights.com.au/     Modern tools; traditional dedication
http://plug.linux.org.au/       Member, Perth Linux User Group
http://slpwa.asn.au/            Member, Linux Professionals WA
http://osia.net.au/             Member, Open Source Industry Australia
http://linux.org.au/            Member, Linux Australia



More information about the plug mailing list