upgrading home network router
Tags gentoo, grsecurity, router, security
Yesterday I made a small relocation of server boxes at home and decided to test if I can replace my current Pentium-I MMX 200MHz router with newer computer, which is Celeron 2400 MHz, 1GB of RAM.
Well, I sat there all night till I finally managed to make a minimal required kernel for current hardware platform. Entire system boots in around 30 secs and ready to work. I didn't add automatic start of my internet connection, I usually do it manually.
Now I'm able to see that my ISP actually gives me about 10Mbit, while previously I had around 800kbytes/sec, currently I have 1050kbytes/sec+.
The OS is, of course, gentoo linux
So I have 3 computers now, 1 is half-life gaming server and file storage, another is my gaming and work computer, which is not always up, and router, which should also now act as a webserver and jabber server, all of them running gentoo linux(though some run gentware ). The problem here is that one of websites, hosted on my webserver has untested scripts, so I'm aware system can be cracked from out there.
This is where I should try grsecurity patches at last
I never had to use them before, there was no such big point at hardening security that far, but now, when I'm unable to separate router from other services this becomes critical, since I don't really want someone gain control on my networking.
I'll probably post my progress on this a bit later.
Well, I sat there all night till I finally managed to make a minimal required kernel for current hardware platform. Entire system boots in around 30 secs and ready to work. I didn't add automatic start of my internet connection, I usually do it manually.
Now I'm able to see that my ISP actually gives me about 10Mbit, while previously I had around 800kbytes/sec, currently I have 1050kbytes/sec+.
The OS is, of course, gentoo linux
So I have 3 computers now, 1 is half-life gaming server and file storage, another is my gaming and work computer, which is not always up, and router, which should also now act as a webserver and jabber server, all of them running gentoo linux(though some run gentware ). The problem here is that one of websites, hosted on my webserver has untested scripts, so I'm aware system can be cracked from out there.
This is where I should try grsecurity patches at last
I never had to use them before, there was no such big point at hardening security that far, but now, when I'm unable to separate router from other services this becomes critical, since I don't really want someone gain control on my networking.
I'll probably post my progress on this a bit later.
Total Comments 1
Comments
-
It wasn't that hard to setup and make a minimal config of grsecurity: just follow the grsecurity wikibook
Now I can finally finish hardening security and start playing with real appsPosted 07-25-2010 at 03:05 PM by Web31337