LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-07-2006, 07:21 PM   #1
taiwf
Member
 
Registered: Jun 2005
Distribution: debian, ubuntu, redhat,knoppix
Posts: 194

Rep: Reputation: 31
server behind home router. security concern?


Hi,

I am setting up a server behind netgear wg614 router and using port-forwarding for web server and soon going to install postfix. I wonder if i still need things like iptables? I am installing clamav and probably amavis. Is there anything else i need to consider?

thx
 
Old 06-07-2006, 08:36 PM   #2
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD
Posts: 1,996

Rep: Reputation: 302Reputation: 302Reputation: 302Reputation: 302
Of course you will have security concerns. More than can be enumerated here. I would recommend getting a good book on security. I personally like "Real World Linux Security" by Bob Toxen.
 
Old 06-07-2006, 11:59 PM   #3
taiwf
Member
 
Registered: Jun 2005
Distribution: debian, ubuntu, redhat,knoppix
Posts: 194

Original Poster
Rep: Reputation: 31
hmm, i did an nmap scan and the rating is only 7xxx (worthy challenge). I thoguht behind NAT things are pretty safe ? My router has SPI Firewall which protects LAN against Denial of Service attacks. I have only port 3389 and 8080 open.

Can you name a few biggest threat on my linux server from network perspective? I just not sure which aspect i should read up from .
 
Old 06-08-2006, 07:07 AM   #4
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,782
Blog Entries: 1

Rep: Reputation: 413Reputation: 413Reputation: 413Reputation: 413Reputation: 413
I would think that at a minimum you would want a program like Tripwire or Aide running, so that if you are compromised, you have an idea of what files were affected.

Security is largely a reflection of your personal level of paranoia. Certainly having the server behind a router is safer, but I don't know if I would call it safe. If you are just serving web pages, you'll need to bone up on Apache threats, but that isn't sufficient. Apache is probably much more secure than many of the applications it can serve up. Chrooting Apache would make it safer in case one of the applications was compromised.

Spend some time in the sticky threads at the top of the forum. unSpawn has collected a lot of good information and then decide what approaches make you feel safer.
 
Old 06-08-2006, 11:24 PM   #5
taiwf
Member
 
Registered: Jun 2005
Distribution: debian, ubuntu, redhat,knoppix
Posts: 194

Original Poster
Rep: Reputation: 31
thx again Hangdog42 & haertig . Now i have some general clue where to start tighten my linuxbox ^.^
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
usermin or openwebmail security concern? taiwf Linux - Security 2 04-26-2006 11:21 PM
server at home, behind router zippo85 Linux - Networking 15 07-17-2005 05:22 PM
A security concern! Please advise! vharishankar General 5 11-30-2004 10:05 AM
This is an security concern? Then why is it defualt in Slack 8.1? Tarts Slackware 2 08-20-2003 11:06 PM
Security concern linuxRules Linux - General 3 05-22-2002 01:23 PM


All times are GMT -5. The time now is 09:58 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration