LinuxQuestions.org
Old 02-27-2006, 11:07 AM   #1
imanassypov
LQ Newbie
 
Registered: Sep 2005
Location: Toronto, Canada
Distribution: FreeBSD, Gentoo, NetBSD
Posts: 28

Rep: Reputation: 15
How to secure the management interface


I am interested in how to secure a management interface on a forwarding firewall box. What I am trying to prevent is a hacker getting access to the system from an untrusted interface, and being able to access the management interface from inside.

I know that one good solution would be to enable ipf and kernel security levels, but is it possible to disable forwarding between some interfaces by means of sysctl, and yet allow forwarding between others?


Thanks,



-igor
 
Old 02-27-2006, 02:15 PM   #2
halo14
Senior Member
 
Registered: Apr 2004
Location: Surprise, AZ
Distribution: Debian | CentOS | Arch
Posts: 1,103

Rep: Reputation: 45
so, basically... you only want to allow incoming connections on <trusted_if> on port 22.. and disable incoming connections on <untrusted_if> on port 22?? This should be relatively easy...I lack the immediate time to develop the answer for you.. but I would recommend using PF over ipf... and the PF handbook from OpenBSD is EXCELLENT... You could also specify a single (or group) of trusted IPs to allow remote administration over port 22... while blocking anything that doesn't match that... as well, you could enable SSH to only allow private key connections.. meaning you need to keep your SSH key on a thumb drive/floppy/whatever...

*As a side note: I recently purchased the book 'Mastering FreeBSD and OpenBSD Security'. It is excellent thus far... A lot of the book is just going over good security practices and principles, and explaining why we do this or that. I highly recommend it!
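
The setup described in the reply above, sketched as a pf.conf. This is an added example, not part of either post; the interface names, networks and admin addresses are constructed assumptions, and it leaves out NAT and any traffic the firewall itself originates.

```conf
# pf.conf sketch: three-interface forwarding firewall (constructed example)
ext_if  = "em0"                 # untrusted side (assumed name)
int_if  = "em1"                 # forwarded LAN (assumed name)
mgmt_if = "em2"                 # management network (assumed name)
int_net = "10.0.10.0/24"        # constructed LAN prefix

# Hosts allowed to administer the box (constructed addresses).
table <admins>   const { 10.0.99.10, 10.0.99.11 }
# Every address configured on the firewall itself.
table <firewall> const { self }

set block-policy drop
set skip on lo0

# Default deny in both directions on every interface. Forwarding between
# two interfaces happens only where an inbound AND an outbound rule allow
# it, so the mgmt network is unreachable from ext_if and int_if.
block log all

# Drop packets that claim a source address belonging to another interface.
antispoof quick for { $int_if, $mgmt_if }

# Forwarding path: LAN -> outside. A forwarded packet is filtered twice:
# inbound on int_if, then outbound on ext_if. State covers the replies.
# "! <firewall>" keeps LAN hosts from reaching the firewall's own
# addresses (including sshd) through this rule.
pass in  on $int_if inet from $int_net to ! <firewall> keep state
pass out on $ext_if inet from $int_net to any keep state

# Management: SSH only, only arriving on mgmt_if, only from <admins>,
# only to the address bound to mgmt_if.
pass in on $mgmt_if inet proto tcp from <admins> to ($mgmt_if) \
    port 22 flags S/SA keep state

# Nothing passes in on ext_if, so port 22 is never reachable from the
# untrusted side.
#
# Matching sshd_config settings for key-only logins on the mgmt address:
#   ListenAddress 10.0.99.1        (constructed mgmt_if address)
#   PasswordAuthentication no
#   ChallengeResponseAuthentication no
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it, and keep a console session open while testing so a mistake in the management rule does not lock you out.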
 
  


All times are GMT -5.