[plug] Securing Redhat 9.0

Kathryn nyrhtak at nw.com.au
Tue Oct 18 22:22:59 WST 2005


The other internal machines for this mob are a novell f&p, a win2k servers 
(the redhat server is their gateway) and a bunch of windows desktops for the 
users. My idea is to put what I can in the DMZ (they don't have one), bung 
the internals behind a very restrictive rule set, and disable all 
unnecessary services and ports on everything. Would you recommend a 
software firewall on the internal machines (assuming they also have an av 
client that's running realtime scanning including email etc etc)? I would 
also like to strip all their email attachments on the way in or is that 
getting a bit harsh? And whitelisted internet access.
I like the guideline of default deny for everything (not just firewall 
rules), so that everything is blocked unless the user can prove they have a 
business justification for it, although management won't usually stand for 
it in the real world.
What would you suggest for the firewall on the internal machines?

Thanks for the tips

Kathryn
----- Original Message ----- 
From: "William Kenworthy" <billk at iinet.net.au>
To: <plug at plug.org.au>
Sent: Tuesday, October 18, 2005 8:46 PM
Subject: Re: [plug] Securing Redhat 9.0


> I'll second this - just because you have an industrial strength firewall
> in front won't stop the bad guys if they are already inside - run a
> firewall on all internal machines as a matter of course.
>
> BillK
>
>
> On Tue, 2005-10-18 at 20:11 +0800, Leon Brooks wrote:
>> On Tuesday 18 October 2005 19:42, Kathryn wrote:
>> > A firewall (pix maybe) will be going in front.
>>
>> The machine itself will do a pretty respectable firewall. There are also
>> many handy-dandy shell scripts (like monmotha) to do the footwork for
>> you. A firewall will, however, not magically protect obsolete or
>> Windows services.
>>
> ...