Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I'm in the process of redesigning a network at my father in laws place since his partner has left the business. He's concerned about people that his partner may know and try to break through his network. Currently the network is only guarded by a router with firewall capabilities. To add more comfort I thought on adding another computer to be a firewall that will connect to the router ( again which it also has a firewall built in ). Then all computers go through the firewall
All passwords have already been changed, just need more ideas on securing the internet to his internal network.
If my idea is good then please let me know and if you have other ideas which may be more secure then again, please let me know.
A router/firewall appliance provides excellent security. They default to having all inbound ports blocked (except ICMP usually) and since everything is in firmware they are pretty hard to hack.
I have always found one of those devices to be quite adequate. In fact, I have an ASP server that runs on Windows 2000 (I have to...) that is secured with one of those little router appliances and no one to date has hacked it.
For my office LAN, a router appliance guards the internet gateway, iptables protects all Linux machines, and ZoneAlarm (an older version that is firewall only) along with the usual suite of protection software is in place on all Windows machines. Further, we don't use Outlook Express or Internet Explorer to access the internet, and we don't have any problems.
Distribution: Ubuntu, Debian, Various using VMWare
If you want to use a separate computer as a firewall, check out Smoothwall. This is basically a slimmed down distro that runs as a firewall, DHCP, DNS, etc. It has a simple setup utility, and a good web based config tool.
You will need a PC with two or three NICs. One will connect to the untrusted, outside world (Your ISP). Another will be your trusted, internal network, and the third is for a De-militarized zone, where you put any public servers.
Smoothwall uses colour coding for these - Green (Trusted), Red (Untrusted) and Orange (DMZ).
Computers in the green zone will use the smoothwall box for DHCP, and you will need to forward the relevant ports to the respective servers from the smoothwall web interface.
If you're concerned about break 'n enter situations then adding another firewall is good, but just one added layer of protection. Focus on what valuables people would like to get their hands on and act on that. If there for instance are valuable documents all over the place you might want to force a central protected storage area and even decide to have some docs encrypted or stored on a disconnected box or tape. Also focus on other ways information can leave the place and take into account what this partner already took with him (as in prevention like revoking certain documents and re-issueing them to clients or business partners).
If we're talking about a judicially volatile situation, if there's an abnormal amount of interest in obtaining information or much financial gain involved it may be "interesting" to invest time in setting up a honeypot as a form of early warning system.