LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 06-04-2001, 07:42 PM   #1
ekromps
LQ Newbie
 
Registered: Jun 2001
Posts: 4

Rep: Reputation: 0
Question


I am currently setting up a RedHat Linux box for an intranet application. It's access to the outside world will be: 1) remote system administration by myself, 2) ftp'ing application programs to the intranet web server (again by myself), 3) testing the intranet application (myself), and 4) "getting/putting a couple of data files (using ftp) from a "safe" internet site every night. What kind of security am I looking at? Since I am not hosting a web site for external users, can I get away with less security and still not get hacked? I really don't wish to become a Linux/Internet security expert and spending hours administering security and hack threats. Any ideas? Thanks!
 
Old 06-05-2001, 01:11 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,703
Blog Entries: 54

Rep: Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964
Linux is powerfull.
With power comes responsability.
plz explain to me (like Im 4yrs old)
where "less security" differs from no security at all?
 
Old 06-05-2001, 01:40 AM   #3
ekromps
LQ Newbie
 
Registered: Jun 2001
Posts: 4

Original Poster
Rep: Reputation: 0
okay, okay, i stand corrected. i was just wishfully thinking of a world where my system, not being a "public" web site and only providing access to a single known remote user (me) could avoid some of the security setup and maintenance. i need to have the host system available only via dialup access and only by me. i plan on using SSH-2 for remote administration and SCP for transferring files. i'll be using Apache/Tomcat for web/java serving. thus, i'll need to provide HTTP access as well in order to remotely test the intranet application. i have come across a ton of online material as to what i need to do in order to "defend" the system. i realize that once proving any outside access, you just gotta do the work and protect yourself. thanks for the reminder.
 
Old 06-05-2001, 02:13 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,703
Blog Entries: 54

Rep: Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964
no.
its the other way around.
thank -u- for not dodging ure responsabilities.
unfortunately too many ppl still do.
 
Old 06-05-2001, 05:17 AM   #5
mcleodnine
Senior Member
 
Registered: May 2001
Location: Left Coast - Canada
Distribution: s l a c k w a r e
Posts: 2,731

Rep: Reputation: 45
Quote:
Originally posted by ekromps
I am currently setting up a RedHat Linux box for an intranet application. It's access to the outside world will be: 1) remote system administration by myself, 2) ftp'ing application programs to the intranet web server (again by myself), 3) testing the intranet application (myself), and 4) "getting/putting a couple of data files (using ftp) from a "safe" internet site every night. What kind of security am I looking at? Since I am not hosting a web site for external users, can I get away with less security and still not get hacked? I really don't wish to become a Linux/Internet security expert and spending hours administering security and hack threats. Any ideas? Thanks!
I'd _really_ re-eveluate using ftp. I trust there is some kind of firewall in your solution as well. A few hours (maybe more) with ipchains or even good canned scripts would be a wise investment. Not letting anything but the most crucial ports to the outside world would be a good starting point. ie: ssh and nothing else. That should buy you some extra time to get comfortable with your firewall ruleset bfore you have to open up http/https and (yikes) domain (named).

As already pointed out by unSpawn, thank you in adavnce for your valid concerns and honest questions. Now go ye forth and fortify. Then ask more questions. After that ask more questions. In short - lay low and let the other guy get rooted.

I wish I would have found this place a long time ago.

Again - submitting reply without previewing...
mc9
 
Old 06-05-2001, 10:27 AM   #6
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Just to build on your comments Ekromps.
"Since I am not hosting a web site for external users, can I get away with less security and still not get hacked"

No, but you can get away with more security or by creating a PKI for your network.

As it sounds to me, your on the internet and you want to access your system over the internet but like an intranet website.

Simple:
You put up a statefull firewall and a VPN gateway to your computer. "which must also have a statefull firewall running.

Then you don't need to secure FTP or the HTTP as it's a virtual private network using the internet as a long cable.
Once it's up little or no maintenance is needed.

This is the model for most B2B implementations, who don't want to invest time and money into 24/7 security cover.

However I would like to point out that if your connect to the internet then nothing is 100% secure, but you can most definitely stop 99.999% of hackers getting in.

/Raz
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Remote Linux Server: Best Security? Midnight Owl Linux - Security 4 10-18-2005 10:15 AM
Restrict X server access using /etc/security/access.conf anand_kt Linux - General 0 04-22-2005 09:40 AM
Remote X security question rosko Linux - Security 1 11-25-2002 04:50 PM
No remote access (from Security forum) twhunt Linux - Networking 0 03-20-2002 01:43 AM
Remote Access Breezwell Linux - Networking 3 05-17-2001 09:08 AM


All times are GMT -5. The time now is 06:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration