1- We have got one Microsoft 2000 Business Server as our webserver and one NetBSD server (for firewall) through which our whole traffic routes in and out. Now we need to implement SSL for our Business Server. We want to use free SSL (OpenSSL), but I am not sure whether configuring it on NetBSD can make the M$2000 server secure or not.
I hope this may help you in understanding the network system.
M$SERver >-----------traffic------------> NetBSD Server >--------->Internet....
M$SERver <-----------traffic------------< NetBSD Server <---------<Internet....
I think if I configure the SSL layer on NetBSD it will make the M$Server secure.
I need the solution, if you can help me out. You can also email freely on kamran@asis.co.uk
2- I am familiar with Red Hat, not with NetBSD. Which one is more secure?
Hope you people can help me.
________________________________________________________
KAMRAN SHEHZAD>>>> ANTI M$ PEOPLE>>>>>>>>>
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Umm, you fundamentally misunderstand what SSL is for. In the vast majority of instances, SSL is used to verify the identity of a site and encrypt data across the open Internet. It does NOT "secure" your server, it only protects data in transit from eavesdropping (and if you have an old version of OpenSSL, it might not even do that safely).
I assume you are running IIS, yes? In that case, you could simply configure IIS to use SSL and put an X.509 cert on IIS and call it good. That will accomplish encrypting data between your web server and any users that access it with HTTPS. You could also install a reverse HTTP proxy on your NetBSD box and have that accept all inbound HTTPS connections and proxy them back to the IIS server. This would allow you to accept HTTPS traffic externally (with a certificate installed on the NetBSD box) but pass the traffic "in the clear" internally back to IIS.
WARNING the above will NOT protect your server in any way, shape, or form.
That's nice. What do we need to make our servers secure? Can we use the firewalls that come with NetBSD / Red Hat Linux, or is there any other solution?
Which distribution is more secure?
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238
The best way to make your servers secure in your setup would be to a) make sure they are patched and on a good patch schedule, b) run some form of anti-virus software, also updated regularly, and c) keep them behind a firewall, which you seem to have in the NetBSD box. Don't open ports to the internal servers that you don't need. That's about the best you can do. Diligence on your part will be the key.
Thank you. Now two final things:
1- If I want to choose Red Hat instead of NetBSD and
want to configure the firewalls...
2- The other thing is, if I go for SSL for my IIS server, I need to buy the cert, and that is expensive. Is there any solution for it? We need to implement it in any case because there are credit card transactions on the website, and our whole traffic routes through the NetBSD system.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
I would NOT use Red Hat for a firewall, unless it's a commercial version of Red Hat with official support. The downloadable/consumer version of Red Hat installs tons of things that you do not want on a firewall. NetBSD is probably a good choice, but I don't know what it uses for firewall (pf, ipfw, ipfilter?). If NetBSD does not fit your requirements, I would highly recommend OpenBSD for the firewall due to its level of simplicity, minimal set of default packages installed, and the truly excellent packet filtering language.
For the cert, you will need to buy it if you're doing credit card transactions. It needs to be signed by a "trusted" Certifying Authority. You could sign your own certificate, but then web browsers would not "trust" it and the people doing credit card transactions would not feel safe.
By the way, see the files listed here for some ideas about locking down Windows http://www.nsa.gov/snac/
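The difference between a self-signed certificate and one signed by a "trusted" authority, as an added example that is not part of the original thread: a client that trusts only a given CA accepts the CA-signed server certificate and rejects the self-signed one. It assumes the OpenSSL 1.1.1 or later command-line tool; the host name, the CA name and the private CA (standing in for a commercial one) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All names (www.example.test, "Constructed Test CA") are
# constructed sample values; the private CA stands in for a commercial one.

# make_certs DIR: build a self-signed server cert and a CA-signed server cert.
make_certs() {
    d=$1
    # Minimal config so the result does not depend on the system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' \
        'commonName = Common Name' '[ca_ext]' \
        'basicConstraints = critical,CA:TRUE' > "$d/min.cnf"
    # 1. Self-signed server certificate: it vouches only for itself.
    openssl req -x509 -config "$d/min.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.test" \
        -keyout "$d/self.key" -out "$d/self.crt" 2>/dev/null || return 1
    # 2. Private CA certificate (marked CA:TRUE).
    openssl req -x509 -config "$d/min.cnf" -extensions ca_ext \
        -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # 3. Server key and signing request, then the CA signs the request.
    openssl req -new -config "$d/min.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=www.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.crt" 2>/dev/null || return 1
}

# is_trusted CAFILE CERT: succeed only if CERT chains to the CA in CAFILE,
# which plays the role of the browser's list of trusted authorities.
is_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo: the client trusts only ca.crt, as a browser trusts only its CA list.
demo() {
    tmp=$(mktemp -d) || return 1
    make_certs "$tmp" || { rm -rf "$tmp"; return 1; }
    for c in self srv; do
        if is_trusted "$tmp/ca.crt" "$tmp/$c.crt"; then
            echo "$c.crt: trusted"
        else
            echo "$c.crt: NOT trusted"
        fi
    done
    rm -rf "$tmp"
}
demo
```

Both certificates encrypt the connection equally well; only the CA-signed one gives the client a way to check that the key belongs to the named site.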