[svlug] Configuring Server - SSH Trouble + Security Considerations
Lord Sauron
lordsauronthegreat at gmail.com
Sat Oct 21 23:41:08 PDT 2006
On 10/21/06, Karen Shaeffer <shaeffer at neuralscape.com> wrote:
> On Sat, Oct 21, 2006 at 09:49:26PM -0700, Lord Sauron wrote:
> >
> > Yes, it is behind a firewalled router, it turns out. If you try to
> > access port 80 (web server) the firewall demands a password. Could
> > that behavior you saw be the firewall re-routing the traffic? Do you
> > know how to sidestep the firewall?
> >
> > For the final setup the server will be outside the hardware firewall
> > (if I turn off all ports except the ones I'm using I should be safe)
> > and enable a good software firewall (iptables) I think I'll be more or
> > less good to go for security. I can't think of a reason someone would
> > want to hack me - there's nothing valuable there.
>
> If you want to learn a little about firewalls and network architectures
> for secure services, then a good introduction is one of Ziegler's books.
>
> http://www.amazon.com/Linux-Firewalls-3rd-Steve-Suehring/dp/0672327716
>
> By the way, once you figure all that out, then you might want to have
> some fun. Iptables is programmable at run-time. So you can dynamically
> detect network events of interest and dynamically modify your firewall
> to respond to events. But before you delve into that, figure out why it
> is a good idea to have a firewall or two in front of your DMZ zone.
The reason for not placing it behind the router's hardware firewall is
that the router prompts for a password. Not good for a production
site, huh? iptables will have to do until I can scratch up the money
for a good hardware firewall that doesn't have that weakness with the
password thing.
--
========== GCv3.12 ==========
GCS d-(++) s+: a? C++ UL+>++++ P+
L++ E--- W+(+++) N++ o? K? w--- O? M+
V? PS- PE+ Y-(--) PGP- t+++ 5? X R tv-- b+
DI+++ D+ G e* h- !r !y
========= END GCv3.12 ========
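
Added example, not part of the original message or of either poster's setup: the run-time iptables idea from the quoted reply, shown as a shell script that counts failed sshd logins per source address and prints a DROP rule for each address at or over a threshold. The log lines, the threshold of 3 and the function names are constructed for this illustration.

```shell
#!/bin/sh
# Added illustration: derive iptables DROP rules from repeated sshd failures.
THRESHOLD=3   # assumed value: failures from one address before it is blocked

# Constructed sample log (addresses are from the documentation ranges).
sample_log() {
cat <<'EOF'
Oct 21 23:01:02 www sshd[811]: Failed password for root from 192.0.2.10 port 40112 ssh2
Oct 21 23:01:05 www sshd[811]: Failed password for root from 192.0.2.10 port 40112 ssh2
Oct 21 23:01:09 www sshd[814]: Failed password for invalid user admin from 192.0.2.10 port 40120 ssh2
Oct 21 23:02:30 www sshd[820]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Oct 21 23:02:41 www sshd[820]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Oct 21 23:03:00 www sshd[823]: Failed password for invalid user from 203.0.113.5 from 198.51.100.7 port 51022 ssh2
EOF
}

# Reads syslog lines on stdin and prints one iptables command per address
# that reached THRESHOLD failures. It only prints; it changes nothing.
block_rules() {
  awk -v limit="$THRESHOLD" '
    # The user name is text chosen by the remote side, so the address is
    # taken from the fixed tail "from ADDR port N ssh2", never from the
    # first "from" on the line (see the last sample line).
    /sshd\[[0-9]+\]: Failed password for / && NF >= 5 {
      if ($(NF-4) == "from" && $(NF-2) == "port") {
        ip = $(NF-3)
        if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
      }
    }
    END {
      for (ip in count)
        if (count[ip] >= limit)
          print "iptables -I INPUT -s " ip " -p tcp --dport 22 -j DROP"
    }
  ' | sort
}

# Demo run over the constructed log.
sample_log | block_rules
```

On a real server the printed commands would be reviewed, or piped to a root shell, after exempting your own management address so a typo in your password cannot lock you out.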