[NTLUG:Discuss] use linux box with 3 NICs

Mark Bickel eusmb at exu.ericsson.se
Tue Feb 27 13:52:41 CST 2001


> From discuss-admin at ntlug.org Tue Feb 27 10:52 CST 2001
> From: "m m" <llliiilll at hotmail.com>
> To: discuss at ntlug.org
> Subject: Re: [NTLUG:Discuss] use linux box with 3 NICs
> Date: Tue, 27 Feb 2001 16:49:29 

> Thanks for all your input.
> I think I will try it by using a Linux box instead of the Linksys solution,
> for the learning and as an advocate of Linux.
> This is a new project to me. I am expecting to get pains and be frustrated
> while learning.
> In the meantime, any examples will be appreciated.

This is a great way to learn about networking and security, but you should
read up on the subjects of firewalls, network security and securing a Linux
box. Default installations of most Linux distributions will be very insecure.
Less is more. Run only the services you absolutely need. Lock down all ports
that you don't use. Don't install programs if you don't need their function.
Take a careful look at all file and directory permissions. Avoid programs
that do SUID or SGID. Consider setting up some intrusion detection scripts.
Consider replacing megadaemon inetd with xinetd or tcpserver. If you must
have remote access use ssh instead of telnet or rlogin. Check your logs, etc.

I recommend this book to anyone wanting to learn about firewalls, DMZ, etc.

Building Internet Firewalls, Second Edition
Elizabeth D. Zwicky, Simon Cooper, & D. Brent Chapman
2nd Edition June 2000, 890 pages
1-56592-871-7,
http://www.oreilly.com/catalog/fire2/ 

More firewall/security discussions here:
http://www.oreillynet.com/topics/linux/firewalls

Another (minimalist) router/firewall Linux distro:
http://www.zelow.no/floppyfw/

The Linksys solution provides a level of protection that some consider OK.
It certainly is easy to set up, and may be a good choice for those who
don't have the time or inclination to learn how to build or customize a FW.
Some people want an "out of the box solution" that has perfect security.
There is (IMHO) no such animal. New holes and exploits are discovered daily.

Cheers,
Mark.Bickel at ericsson.com
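
Added example, not part of the original message: a small permission audit for the advice above on checking file and directory permissions, avoiding SUID/SGID programs, and setting up intrusion detection scripts. The function names and the baseline-file approach are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed audit helper; function names are hypothetical.
# Limitation: paths containing newlines are not handled.

# scan KIND ROOT <find tests...>: print "KIND path" for every match.
# -xdev keeps find on one filesystem (skips /proc, network mounts).
scan() {
    kind=$1 root=$2
    shift 2
    find "$root" -xdev "$@" -exec printf "$kind %s\n" {} + 2>/dev/null || :
}

# audit_perms ROOT: sorted list of risky permission bits under ROOT.
audit_perms() {
    {
        scan SUID    "${1:-/}" -type f -perm -4000
        scan SGID    "${1:-/}" -type f -perm -2000
        scan WW_FILE "${1:-/}" -type f -perm -0002
        # World-writable directories are tolerable only with the sticky bit.
        scan WW_DIR  "${1:-/}" -type d -perm -0002 ! -perm -1000
    } | sort
}

# new_findings ROOT BASELINE: print findings missing from a reviewed
# baseline file. Returns 0 if nothing new, 1 if something appeared.
new_findings() {
    current=$(mktemp) || return 2
    audit_perms "$1" > "$current"
    # comm -13 keeps lines that occur only in the second (current) input.
    new=$(sort "$2" | comm -13 - "$current")
    rm -f "$current"
    if [ -n "$new" ]; then
        printf '%s\n' "$new"
        return 1
    fi
    return 0
}
```

Save the output of audit_perms as the baseline once the install has been reviewed, then run new_findings against it from cron so that a newly appeared SUID binary or world-writable path shows up in the job's mail.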


