LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   The Perfect Linux Network (https://www.linuxquestions.org/questions/linux-networking-3/the-perfect-linux-network-361297/)

wwnexc 09-07-2005 10:45 PM
The Perfect Linux Network
 
Hi,

I am trying to build "the Perfect, Highly Secure Network" using exclusively Linux.

It should contain everything from a linux run firewall (which also protects the applications running behind it, if possible) a NAS and RADIUS server etc...

Mail, FTP, web etc..

If you can think of anything else, please post!

Could you also please explain the RADIUS, its userdatabases, and access servers in a little more detail, as i am new to these.

I am looking for -= names =- of software, which is reliable and secure.

Thanks

Thoreau 09-08-2005 12:22 AM
Can you be more specific about what "network" you are talking about. As my name somewhat implies- simplify. Only use what you need, and then maximize the security around it.

What job do you need to get done? And how stupid are the people working there? Security is always in opposition to convenience/productivity.

vdberj 09-08-2005 12:30 AM
You need to first choose a linux distro that matches your needs, and then see what it already provides. If you are new to linux, I'd suggest something package based such as Fedora (fedora.redhat.com) or centos (www.centos.org)

Firewall: iptables (you might want to look at a front end that will ease the setup)
Also, make sure your linux server is the gateway for all the machines on the network, ie, it has sole access to the external Internet connection.

Mail: postfix
Comes standard with most distributions, but not necessarily enabled by default. On Fedora and Centos, you need to either change your preferred mail using "alternatives", or simply uninstall sendmail. (rpm -e sendmail)

Ftp: vsftpd (Very Secure File Transfer Protocol Daemon)
Also comes standard with FC and Centos and has an entry in /etc/init.d to start and stop it. (have a look at "man chkconfig" to enable it upon startup.)

Web: apache
rpm -qi httpd will give you information as to the package, and rpm -ql httpd will show you where it resides on the filesystem. An /etc/init.d/httpd start will kick it into action on http://[ip of your server]/
The default setup is very secure, but read up on the stuff you add to it (php scripts, perl cgi's etc) to make sure they contain no vulnabilities.

I'm afraid my knowledge of radius is limited, but http://www.freeradius.org/faq/ should answer enough questions to get you started...

DrAxeman 09-08-2005 06:43 AM
Just a quick word.. There is no such thing as "secure ftp". The ftp protocol by nature is insecure. Telnet and ftp should be completely replaced by ssh. If you absolutely must use ftp, then only allow anonymous users. Real users require real passwords, and in an insecure protocol it's like giving them away.


All times are GMT -5. The time now is 10:28 PM.