[svlug] Configuring Server - SSH Trouble + Security Considerations

Karen Shaeffer shaeffer at neuralscape.com
Sat Oct 21 23:37:48 PDT 2006


On Sat, Oct 21, 2006 at 09:49:26PM -0700, Lord Sauron wrote:
> 
> Yes, it is behind a firewalled router, it turns out.  If you try to
> access port 80 (web server) the firewall demands a password.  Could
> that behavior you saw be the firewall re-routing the traffic?  Do you
> know how to sidestep the firewall?
> 
> For the final setup the server will be outside the hardware firewall
> (if I turn off all ports except the ones I'm using I should be safe)
> and enable a good software firewall (iptables) I think I'll be more or
> less good to go for security.  I can't think of a reason someone would
> want to hack me - there's nothing valuable there.

If you want to learn a little about firewalls and network archtitectures
for secure services, then a good introduction is one of Ziegler's books.

http://www.amazon.com/Linux-Firewalls-3rd-Steve-Suehring/dp/0672327716

By the way, once you figure all that out, then you might want to have
some fun. Iptables is programmable at run-time. So you can dynamically
detect network events of interest and dynamically modify your firewall
to respond to events. But before you delve into that, figure out why it
is a good idea to have a firewall or two in front of your DMZ zone.

Thanks,
Karen
-- 
 Karen Shaeffer
 Neuralscape, Palo Alto, Ca. 94306
 shaeffer at neuralscape.com  http://www.neuralscape.com




More information about the svlug mailing list