[plug] Securing Redhat 9.0

Kathryn nyrhtak at nw.com.au
Tue Oct 18 22:06:46 WST 2005 

So you would recommend I don't bother with the pix? Thats fine with me 
though I have the knowledge to configure the damn things (participated in 
one of those expensive courses a while ago and configured a few since then). 
I haven't had much to do with the fortigate - how good is the antispam and 
AV filtering on it?

Thanks for the help!

Kathryn
----- Original Message ----- 
From: "Leon Brooks" <leon at cyberknights.com.au>
To: <plug at plug.org.au>
Sent: Tuesday, October 18, 2005 8:11 PM
Subject: Re: [plug] Securing Redhat 9.0


> On Tuesday 18 October 2005 19:42, Kathryn wrote:
>> A firewall (pix maybe) will be going in front.
>
> The machine itself will do a pretty respectable firewall. There are also
> many handy-dandy shell scripts (like monmotha) to do the footwork for
> you. A firewall will, however, not magically protect obsolete or
> Windows services.
>
> Also, did you know that there are entire multi-thousand-dollar courses
> on how to set up a $1500 PIX? It's not a drop-in fire-and-forget
> appliance. If you want something like that, spring for a FortiGate
> (circa $1000) and the updates for it. It also does antivirus and
> antispam filtering, which is why you pay for updates.
>
> You can protect webservers by reverse-proxying them through Squid or the
> like, and adding a handful of rules to discard anything unexpected. You
> can protect an email server by relaying in through something
> bulletproof like PostFix, EXIM or QMail and again adding a handful of
> rules to discard obnoxia. Many services can be protected like this.
>
> Cheers; Leon
>
> -- 
> http://cyberknights.com.au/     Modern tools; traditional dedication
> http://plug.linux.org.au/       Member, Perth Linux User Group
> http://slpwa.asn.au/            Member, Linux Professionals WA
> http://osia.net.au/             Member, Open Source Industry Australia
> http://linux.org.au/            Member, Linux Australia
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
>

More information about the plug mailing list