Re: LINUX Firewall


From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 03/18/04


Date: Wed, 17 Mar 2004 23:54:13 -0800

Not to turn this into OS wars, as I am apt to do, but all of us need to
get over this idea that because ISA is on my domain controller I'm less
secure.

Here at home I have a SBS2k3 with a basic firewall... nothin' else. But
because I use this for play I keep it pretty tight and there is no port
open on this sucker. Firewall is totally closed up. Yet my sister
[yeah the customized Disney desktop sister] got her IE hijacked some
months back because ...
a. Her IE settings are loosey goosey [as are most of us]
b. She's running in local admin

The fact is that I can patch my ISA server in my office with the latest
patches, whereas I hope you are planning to patch that Linux box, because,
my friend, on a near daily basis I am getting kernel vuln
announcements in my mailbox.

The idea that

a. Any firewall is better than any other firewall merely because of the
operating system it is running on is a crock.
b. All firewalls basically have bits of software under there that
have to be monitored.

My friend, you and I have more vulnerabilities on our desktops than we
do our servers.

As Jeff said today, it's not the number of ports you have open, but
instead the number of the port you have open, that causes your
security issues.

In other words, it's the port and how often that port is "bot" attacked
that makes you insecure.

Firewalls are speedbumps. They are not moats.

Patching
Antivirus
Firewall

And whatever you do, ensure that at the end you visit the Shields up
site on grc.com and see what ports you TRULY have open from the outside
and that you've set the firewall up properly after all.

My server sits most of the day filing its fingernails, bored to tears.

The OpenSSL Project announced today that there is a null pointer
assignment flaw in all versions of OpenSSL from 0.9.6c to 0.9.6l
inclusive and from 0.9.7a to 0.9.7c inclusive. A specifically crafted
SSL/TLS handshake could cause OpenSSL to crash. This could lead to a DoS
against whatever application uses OpenSSL.

Because many devices/servers/systems use OpenSSL, this is a potential
issue for many sites. Because of the nature of the vulnerability, there
is not a means of using this for an exploit beyond a DoS, but it is
important to be aware of this issue and patch affected installations as
quickly as possible.

The OpenSSL Project announcement:

http://www.openssl.org/news/secadv_20040317.txt

Various vendor announcements (updated as they are available):
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
https://rhn.redhat.com/errata/RHSA-2004-121.html
http://www.openbsd.net/errata.html#openssl

Tomster wrote:
> I am planning on setting up a LINUX box to act as a firewall for my SBS 2000
> network (fully patched). ISA seems to be working fine but with all the
> security issues with Windows I would rather have the SBS server behind some
> sort of firewall and not directly connected to the Internet.. Plus, having
> the workstations go through the LINUX box for Internet access will free up
> resources on the SBS server.
>
> Has anyone configured SBS behind a LINUX or external firewall, un-installed
> ISA and use one NIC?
>
> Currently, the SBS server has two NICs. Could I just disable the "external"
> NIC on the server, remove ISA and configure the workstations to go through the
> LINUX firewall (gateway) for Internet access? I can forward the ports needed
> for smtp and pop e-mail on the LINUX box to the server's internal IP address
> and for some remote access clients.
>
> Thanks in advance for any information and help.
>
>

-- 
http://www.sbslinks.com/really.htm
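The layout Tomster asks about (Linux box as the only machine on the Internet, SBS server on its internal NIC only, SMTP and POP3 forwarded to the server's internal address) as an added example; this is not code from the original post or from any vendor. Interface names, the internal subnet, the SBS address and the forwarded port list are assumptions set at the top. The rules are emitted as text first so they can be reviewed, and only applied when the script is run with `apply`.

```shell
#!/bin/sh
# Added example (not from the original post): minimal iptables ruleset for a
# Linux gateway in front of an SBS server. Everything below is an assumption
# to be adjusted for the real network.
WAN_IF="${WAN_IF:-eth0}"                # assumed: NIC facing the Internet
LAN_IF="${LAN_IF:-eth1}"                # assumed: NIC facing the SBS network
LAN_NET="${LAN_NET:-192.168.16.0/24}"   # assumed: internal subnet
SBS_IP="${SBS_IP:-192.168.16.2}"        # assumed: SBS server's internal address
# Ports forwarded from the outside to the SBS server: SMTP and POP3 as in
# the post. Add what your remote-access clients need and nothing else.
FWD_PORTS="${FWD_PORTS:-25 110}"

# Every rule goes through this function, so the complete ruleset can be
# printed and reviewed before it touches the kernel.
rule() { printf 'iptables %s\n' "$*"; }

generate_ruleset() {
    echo 'sysctl -w net.ipv4.ip_forward=1'
    # Start clean; the policies drop whatever the rules below do not allow.
    rule -F
    rule -t nat -F
    rule -P INPUT DROP
    rule -P FORWARD DROP
    rule -P OUTPUT ACCEPT
    # The gateway itself: loopback, replies to its own traffic, and
    # administration from the LAN side only (nothing listens on the WAN side).
    rule -A INPUT -i lo -j ACCEPT
    rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    rule -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    # Anti-spoofing: packets claiming a LAN source must not arrive on the WAN.
    rule -A FORWARD -i "$WAN_IF" -s "$LAN_NET" -j DROP
    rule -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Workstations and the SBS box reach the Internet through the gateway (NAT).
    rule -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    rule -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
    # Inbound: only the listed TCP ports, rewritten to the SBS server's
    # internal address and allowed through FORWARD for new connections.
    for p in $FWD_PORTS; do
        rule -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$p" \
             -j DNAT --to-destination "$SBS_IP:$p"
        rule -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$SBS_IP" \
             --dport "$p" -m conntrack --ctstate NEW -j ACCEPT
    done
}

# Review helper: how many inbound ports does this ruleset open?
count_forwarded_ports() { generate_ruleset | grep -c -- '-j DNAT'; }

case "${1:-print}" in
    apply) generate_ruleset | sh ;;   # run as root on the gateway
    *)     generate_ruleset ;;        # default: print the rules for review
esac
```

Each entry in FWD_PORTS is exactly the "number of the port you have open" the post is talking about, so keep the list to what the SBS box must serve and confirm from outside (the Shields Up check above) that only those ports answer. Plain SMTP and POP3 carry mail and credentials in the clear across the Internet; that is unchanged by where the firewall sits. On the iptables of 2004, `-m conntrack --ctstate` reads `-m state --state` instead.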

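For the OpenSSL advisory quoted in the post, an added check (not from the post or from the OpenSSL Project) that flags a build in the affected ranges, 0.9.6c to 0.9.6l and 0.9.7a to 0.9.7c. It parses the text `openssl version` prints, assumed to be of the form "OpenSSL <version> <date>", and treats the letter suffix as part of the version so that 0.9.6m and 0.9.7d, the releases that closed the advisory, fall outside the ranges.

```shell
#!/bin/sh
# Added example: is this OpenSSL in the ranges named by secadv_20040317?
# Assumed input format: the output of `openssl version`, e.g.
# "OpenSSL 0.9.7c 30 Sep 2003".

openssl_version_string() {
    # Pull "0.9.7c" out of "OpenSSL 0.9.7c 30 Sep 2003"; also copes with
    # suffixes such as "1.0.2k-fips". Prints nothing if the line does not parse.
    printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*[a-z]*\).*$/\1/p'
}

openssl_affected() {
    # Exit status 0: version is inside an affected range; 1: it is not
    # (including unparsable input, which is reported separately by the caller).
    ver=$(openssl_version_string "$1")
    case "$ver" in
        0.9.6[c-l] | 0.9.7[a-c]) return 0 ;;   # 0.9.6c..0.9.6l, 0.9.7a..0.9.7c
        *) return 1 ;;
    esac
}

check_local_openssl() {
    # Run the check against whatever openssl binary is on this machine.
    command -v openssl >/dev/null 2>&1 || { echo "no openssl binary found"; return 2; }
    v=$(openssl version)
    [ -n "$(openssl_version_string "$v")" ] || { echo "could not parse: $v"; return 2; }
    if openssl_affected "$v"; then
        echo "AFFECTED by secadv_20040317: $v"
        return 0
    fi
    echo "not in the advisory's ranges: $v"
    return 1
}
```

A clean result here only covers the copy of OpenSSL on the path; the post's point is that appliances, mail servers and anything else that links OpenSSL need the same question asked of them, through the vendor advisories it lists.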
