[svlug] Configuring Server - SSH Trouble + Security Considerations

Lord Sauron lordsauronthegreat at gmail.com
Sat Oct 21 23:41:08 PDT 2006


On 10/21/06, Karen Shaeffer <shaeffer at neuralscape.com> wrote:
> On Sat, Oct 21, 2006 at 09:49:26PM -0700, Lord Sauron wrote:
> >
> > Yes, it is behind a firewalled router, it turns out.  If you try to
> > access port 80 (web server) the firewall demands a password.  Could
> > that behavior you saw be the firewall re-routing the traffic?  Do you
> > know how to sidestep the firewall?
> >
> > For the final setup the server will be outside the hardware firewall
> > (if I turn off all ports except the ones I'm using I should be safe)
> > and enable a good software firewall (iptables) I think I'll be more or
> > less good to go for security.  I can't think of a reason someone would
> > want to hack me - there's nothing valuable there.
>
> If you want to learn a little about firewalls and network architectures
> for secure services, then a good introduction is one of Ziegler's books.
>
> http://www.amazon.com/Linux-Firewalls-3rd-Steve-Suehring/dp/0672327716
>
> By the way, once you figure all that out, then you might want to have
> some fun. Iptables is programmable at run-time. So you can dynamically
> detect network events of interest and dynamically modify your firewall
> to respond to events. But before you delve into that, figure out why it
> is a good idea to have a firewall or two in front of your DMZ zone.

The reason for not placing it behind the router's hardware firewall is
that the router prompts for a password.  Not good for a production
site, huh?  iptables will have to do until I can scratch up the money
for a good hardware firewall that doesn't have that weakness with the
password thing.

-- 
========== GCv3.12 ==========
GCS d-(++) s+: a? C++ UL+>++++ P+
L++ E--- W+(+++) N++ o? K? w--- O? M+
V? PS- PE+ Y-(--) PGP- t+++ 5? X R tv-- b+
                DI+++ D+ G e* h- !r !y
========= END GCv3.12 ========



