LinuxQuestions.org
Old 11-22-2003, 07:10 AM   #1
Kamranshehzad
LQ Newbie
 
Registered: Nov 2003
Location: UK
Distribution: Redhat, Fedora
Posts: 13

Rep: Reputation: 0
SSL Solution


1- We have got one MICROSOFT 2000 Business Server as our webserver and one NetBSD server (for firewall) from where our whole traffic routes in and out. Now we need to implement SSL for our Business Server. We want to use free SSL (OpenSSL), but I am not sure whether configuring it on NetBSD can make the M$2000 server secure or not.

I hope this may help you in understanding the network system.
M$SERver >-----------traffic------------> NetBSD Server >--------->Internet....
M$SERver <-----------traffic------------< NetBSD Server <---------<Internet....

I think if I configure the SSL layer on NetBSD it will make the M$Server secure.

I need the solution. If you can help me out. You can also email freely on
kamran@asis.co.uk

2- I am familiar with REDHAT, not with NetBSD. Which one is more secure?

Hope you people can help me.

________________________________________________________
KAMRAN SHEHZAD>>>> ANTI M$ PEOPLE>>>>>>>>>
 
Old 11-22-2003, 11:43 PM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Umm, you fundamentally misunderstand what SSL is for. In the vast majority of instances, SSL is used to verify identity of a site and encrypt data across the open Internet. It does NOT "secure" your server, it only protects data in transit from eavesdropping (and if you have an old version of OpenSSL, it might not even do that safely).

I assume you are running IIS, yes? In that case, you could simply configure IIS to use SSL and put an X.509 cert on IIS and call it good. That will accomplish encrypting data between your web server and any users that access it with HTTPS. You could also install a reverse HTTP proxy on your NetBSD box and have that accept all inbound HTTPS connections and proxy them back to the IIS server. This would allow you to accept HTTPS traffic externally (with a certificate installed on the NetBSD box) but pass the traffic "in the clear" internally back to IIS.

WARNING the above will NOT protect your server in any way, shape, or form.
 
Old 11-24-2003, 03:13 AM   #3
Kamranshehzad
LQ Newbie
 
Registered: Nov 2003
Location: UK
Distribution: Redhat, Fedora
Posts: 13

Original Poster
Rep: Reputation: 0
That's nice. What do we need to make our servers secure? Can we use the firewalls that come with NetBSD / REDHAT Linux, or is there any other solution?
Which distribution is more secure?
 
Old 11-24-2003, 08:14 AM   #4
cyph3r7
Member
 
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238

Rep: Reputation: 30
The best way to make your servers secure in your setup would be to a) make sure they are patched and on a good patch schedule, b) run some form of anti-virus software, also updated regularly, and c) keep them behind a firewall, which you seem to have in the NetBSD box. Don't open ports to the internal servers that you don't need. That's about the best you can do. Diligence on your part will be the key.
 
Old 11-24-2003, 08:19 AM   #5
Kamranshehzad
LQ Newbie
 
Registered: Nov 2003
Location: UK
Distribution: Redhat, Fedora
Posts: 13

Original Poster
Rep: Reputation: 0
Thank you. Now two final things:
1- if I want to choose Redhat instead of NetBSD and
want to configure the firewalls..
2 - the other thing is if I go for SSL for my IIS server.. I need to buy the cert.. that is expensive. Is there any solution to it? We need to implement it in any case because there are credit card transactions on the website.. and our whole traffic routes through the NetBSD system.
 
Old 11-24-2003, 12:20 PM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
I would NOT use Red Hat for a firewall, unless it's a commercial version of Red Hat with official support. The downloadable/consumer version of Red Hat installs tons of things that you do not want on a firewall. NetBSD is probably a good choice, but I don't know what it uses for firewall (pf, ipfw, ipfilter?). If NetBSD does not fit your requirements, I would highly recommend OpenBSD for the firewall due to its level of simplicity, minimal set of default packages installed, and the truly excellent packet filtering language.

For the cert, you will need to buy it if you're doing credit card transactions. It needs to be signed by a "trusted" Certifying Authority. You could sign your own certificate, but then web browsers would not "trust" it and the people doing credit card transactions would not feel safe.

By the way, see the files listed here for some ideas about locking down Windows
http://www.nsa.gov/snac/

Last edited by chort; 11-24-2003 at 12:24 PM.
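
The difference chort describes between a self-signed certificate and one signed by a trusted Certifying Authority, as an added example that is not part of the original post. The names `Demo Root CA` and `shop.example.test` and the helper functions `trusted_by` and `make_demo_certs` are assumptions made up for the demo; it needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example (constructed): why a client trusts a CA-signed certificate
# but not a self-signed one. All names and files here are made up.
set -eu

# trusted_by TRUST_STORE CERT
# Succeeds only if CERT chains to a root in TRUST_STORE, which is the
# check a browser runs against its built-in list of authorities.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_demo_certs DIR
# Writes ca.crt (stand-in for a commercial CA), signed.crt (server cert
# issued by that CA) and selfsigned.crt (same key, signed by itself).
make_demo_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=shop.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -days 1 \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/signed.crt" 2>/dev/null
    openssl req -x509 -new -key "$d/srv.key" -days 1 \
        -subj "/CN=shop.example.test" \
        -out "$d/selfsigned.crt" 2>/dev/null
}

# Demo run: the trust store contains only the demo CA.
tmp=$(mktemp -d)
make_demo_certs "$tmp"
for c in signed selfsigned; do
    if trusted_by "$tmp/ca.crt" "$tmp/$c.crt"; then
        echo "$c.crt: trusted"
    else
        echo "$c.crt: NOT trusted"
    fi
done
rm -rf "$tmp"
```

Both certificates give the same encryption on the wire; only the signed one lets a visitor's client confirm who is on the other end without importing the certificate by hand.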
 
Old 11-25-2003, 08:49 AM   #7
sopiaz57
Member
 
Registered: Apr 2003
Distribution: RH 8
Posts: 246

Rep: Reputation: 30
Red Hat would be fine as a firewall. Just do a custom install and leave out every package you don't need.

Why are you using IIS and secure in the same statement? Those two just don't jive.

You can get a security cert for pretty cheap these days. Definitely worth the value and security you give your customers.

good luck

Last edited by sopiaz57; 11-25-2003 at 08:50 AM.
 
  

