November 12th, 2001, 09:45 PM
Security of packet filtering/port forwarding
I've been helping someone set up a network and the security model that seems to be in place is this:
RedHat 7.2 , 2.4, iptables
There are multiple server machines (news, mail, web etc) sitting behind a machine with a packet filtering firewall which denies all incoming except on those ports that have been explicitly declared as okay. Legit traffic is then forwarded (based on the port number) to the appropriate server.
that's the basic setup. (If I've left out any pertinent info lemme know)
So then the question is this: how strong of a setup is this? This is the first time I've really had a "real" network with a "real" connection to the net (faster then 56K) to administer and so I'm fairly ignorant about some of the security and design issues of firewalls.
Any help/comments/flames/whatever are appreciated.
November 12th, 2001, 10:21 PM
If all your servers are configured correctly, and your using the latest versions of apache/qmail/whatever_news_server then it should be pretty tight, *unless* your iptables script leaves something to be desired - post it for public scrutinization and i'm sure you'll get some constructive/destructive criticism.
November 12th, 2001, 10:29 PM
you might wanna check out some tools for your setup:
1. tripwire for your firewall
2. inflex for sendmail ( a mail-relay is important)
3. jdk if you've got an extra old 486 or somthing ( a little IDS)
4. swatch (log file watcher)
5. a good antivirus ( I prefer norton myself, but any well known will do)
6. MRTG (a great (the best !) tool for monitoring router usage and any snmp oid for that matter).
I'll write some more once I remember them