Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

06-20-2006, 10:51 AM
#1
Member
Registered: Feb 2004
Location: Canada
Distribution: Gentoo Linux
Posts: 44
Suggestions to secure a home business network
Hi All,
I'm in the process of redesigning a network at my father-in-law's place since his partner has left the business. He's concerned about people that his partner may know and try to break through his network. Currently the network is only guarded by a router with firewall capabilities. To add more comfort I thought of adding another computer to be a firewall that will connect to the router (which, again, also has a firewall built in). Then all computers go through the firewall.
All passwords have already been changed, just need more ideas on securing the internet to his internal network.
If my idea is good then please let me know and if you have other ideas which may be more secure then again, please let me know.
Thanks for your help...
Gnarg

06-20-2006, 06:50 PM
#2
Member
Registered: Jun 2006
Posts: 62
Most routers can be configured to allow only certain MAC addresses. Lock down the router.

06-20-2006, 11:30 PM
#3
Senior Member
Registered: Sep 2003
Posts: 3,171
A router/firewall appliance provides excellent security. They default to having all inbound ports blocked (except ICMP usually) and since everything is in firmware they are pretty hard to hack.
I have always found one of those devices to be quite adequate. In fact, I have an ASP server that runs on Windows 2000 (I have to...) that is secured with one of those little router appliances and no one to date has hacked it.
For my office LAN, a router appliance guards the internet gateway, iptables protects all Linux machines, and ZoneAlarm (an older version that is firewall only) along with the usual suite of protection software is in place on all Windows machines. Further, we don't use Outlook Express or Internet Explorer to access the internet, and we don't have any problems.

06-21-2006, 12:58 AM
#4
Member
Registered: Mar 2004
Posts: 135
Do not forget anti-virus and ad-ware stuff.

06-21-2006, 02:06 AM
#5
Senior Member
Registered: Nov 2003
Location: Perth, Western Australia
Distribution: Ubuntu, Debian, Various using VMWare
Posts: 2,088
If you want to use a separate computer as a firewall, check out Smoothwall. This is basically a slimmed-down distro that runs as a firewall, DHCP, DNS, etc. It has a simple setup utility, and a good web-based config tool.
You will need a PC with two or three NICs. One will connect to the untrusted, outside world (your ISP). Another will be your trusted, internal network, and the third is for a demilitarized zone, where you put any public servers.
Smoothwall uses colour coding for these - Green (Trusted), Red (Untrusted) and Orange (DMZ).
Computers in the green zone will use the Smoothwall box for DHCP, and you will need to forward the relevant ports to the respective servers from the Smoothwall web interface.
I hope this helps.
--Ian
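
An added example (not part of the original post, and not Smoothwall's own code) that audits a list of port forwards against the Green/Red/Orange layout described above. The subnets, the rule tuple format, the list of admin ports and the sample rules are all assumptions constructed for illustration.

```python
# Added example: audit port-forward rules against a Green/Red/Orange zone layout.
# Subnets, rule format and sample rules are constructed for illustration.
import ipaddress

# Assumed addressing plan (hypothetical): one subnet per internal zone.
ZONES = {
    "green": ipaddress.ip_network("192.168.1.0/24"),   # trusted LAN
    "orange": ipaddress.ip_network("192.168.2.0/24"),  # DMZ for public servers
}

# Assumed policy: remote-admin services are never forwarded from the red side.
ADMIN_PORTS = {22: "ssh", 23: "telnet", 3389: "rdp", 5900: "vnc"}


def zone_of(addr):
    """Return the zone whose subnet contains addr; anything else is red."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "red"


def audit_forwards(rules):
    """Check (external_port, internal_ip, internal_port) forwards from red.

    Returns (rule, finding) pairs for every forward that breaks the zone model.
    """
    findings = []
    for rule in rules:
        _ext_port, dst_ip, dst_port = rule
        zone = zone_of(dst_ip)
        if zone == "green":
            findings.append((rule, "forward from red lands in green; move the server to orange"))
        elif zone == "red":
            findings.append((rule, "destination is not in any internal zone"))
        if dst_port in ADMIN_PORTS:
            findings.append((rule, f"exposes {ADMIN_PORTS[dst_port]} to red"))
    return findings


# Constructed sample rule set.
SAMPLE_RULES = [
    (80, "192.168.2.10", 80),     # web server in the DMZ: fine
    (25, "192.168.2.11", 25),     # mail server in the DMZ: fine
    (8080, "192.168.1.50", 80),   # lands on a workstation in the trusted LAN
    (2222, "192.168.2.10", 22),   # remote shell reachable from the internet
]

if __name__ == "__main__":
    for rule, finding in audit_forwards(SAMPLE_RULES):
        print(rule, "->", finding)
```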

06-21-2006, 07:57 AM
#6
Moderator
Registered: May 2001
Posts: 29,415
That's nice, but...
If you're concerned about break 'n enter situations then adding another firewall is good, but just one added layer of protection. Focus on what valuables people would like to get their hands on and act on that. If, for instance, there are valuable documents all over the place you might want to force a central protected storage area and even decide to have some docs encrypted or stored on a disconnected box or tape. Also focus on other ways information can leave the place and take into account what this partner already took with him (as in prevention like revoking certain documents and reissuing them to clients or business partners).
If we're talking about a judicially volatile situation, if there's an abnormal amount of interest in obtaining information or much financial gain involved it may be "interesting" to invest time in setting up a honeypot as a form of early warning system.

06-21-2006, 08:33 AM
#7
Member
Registered: Feb 2004
Location: Canada
Distribution: Gentoo Linux
Posts: 44
Original Poster
Very good stuff
Thanks everyone,
This is very good information. The honeypot I totally forgot, which I think I'll try and implement as well.
Thanks for the help..
Gnarg
All times are GMT -5. The time now is 05:09 AM.