NETWORK WORLD NEWSLETTER: RON NUTTER WITH ASK THE EXPERTS 09/15/04 Today's focus: Protecting Linux servers
Dear [EMAIL PROTECTED], In this issue: * Help Desk columnist Ron Nutter goes over the firewall options ��available to protect Linux servers * Links related to Ask the Experts * Featured reader resource _______________________________________________________________ This newsletter is sponsored by SBC Dialing for Dollars CRATE & BARREL'S VOIP MOVE NETS SAVINGS AND FLEXIBILITY An apples-to-apples comparison showed that a centralized, software-based, IP-based platform could provide significant cost savings and productivity benefits over a comparable, traditional PBX system. Download whitepaper now, click here http://www.fattail.com/redir/redirect.asp?CID=81137 _______________________________________________________________ CHECK OUT NW FUSION'S NEW WHITE PAPER LIBRARY NW Fusion's White Paper Library was recently re-launched with new features and improved capabilities! Sort NW Fusion's library of white papers by Date and Vendor, view white papers by TECHNCIAL CATEGORY, mouse over white paper descriptions and take advantage of our IMPROVED white paper search engine. CLICK HERE: http://www.fattail.com/redir/redirect.asp?CID=81147 _______________________________________________________________ Today's focus: Protecting Linux servers By Ron Nutter I am starting to move my company to Linux as the server platform of choice. With the seemingly continual stream of alerts about the different hacks possible, I know that I should put some type of firewall in place to protect the servers. What are my options? - Via the Internet You have several options to consider. Linux has firewall functionality in it by the name of iptables ( <http://iptables-tutorial.frozentux.net/iptables-tutorial.html> ). While there is some documentation on the man pages on how to set this up, there are also several books on the market that go into further detail. Take a look at Linux Firewalls ( <http://www.amazon.com/exec/obidos/ASIN/0735710996/fusion0e> ) by Robert Ziegler. Another reference that you should have in your library is Linux IP Tables ( <http://mindworksuk.com/iptables.html> ) by Joe Dupnik and the folks at Mindworksuk.com. This CD, while not a cookbook or exhaustive technical reference, will help get you thinking in the manner that will the process of going to iptables as painless as possible. A nice utility included in the package is a KDE GUI that will make the process even more streamlined to deal with and even give you some limited network monitoring ability in the process. Depending on how many servers you have, you can implement iptables on each server as appropriate for the services running on each particular server. This means that you will need to maintain a firewall on each server that you implement iptables on. This will work well if you only have a small number of servers. But if you have a lot of servers, it probably makes sense to go with a central firewall - with a single central iptable configuration - that all workstations on your network will go through to reach a particular server. With this approach, however, be sure the firewall server can handle all the traffic going through it from all the devices on your network. And make sure the server is reliable, because if it crashes, you'll either need to switch to a backup firewall server or you'll have to do some quick reconfiguring of all the servers it's protecting to answer workstation requests directly. Another approach is to use one of the bootable firewall distros that you will find on <http://www.sourceforge.net/> and other sites. With some of these distributions, you can save the firewall config to a floppy or USB memory key - letting you quickly set up new or replacement firewalls. Since you're new to linux, this approach might make more sense initially, because you won't need to spend as much time getting up to speed on both Linux and iptables. Or you could just use one of the commercially available firewalls to provide this functionality until you are ready to make the move to iptables. _______________________________________________________________ To contact: Ron Nutter Ron Nutter, a Master Certified Novell Engineer and Microsoft Certified Systems Engineer in the Lexington, Ky., area, tracks down the answers to your questions. Send your questions to <mailto:[EMAIL PROTECTED]>. _______________________________________________________________ This newsletter is sponsored by SBC Dialing for Dollars CRATE & BARREL'S VOIP MOVE NETS SAVINGS AND FLEXIBILITY An apples-to-apples comparison showed that a centralized, software-based, IP-based platform could provide significant cost savings and productivity benefits over a comparable, traditional PBX system. Download whitepaper now, click here http://www.fattail.com/redir/redirect.asp?CID=81136 _______________________________________________________________ ARCHIVE LINKS Dr. Internet archive: http://www.nwfusion.com/columnists/blass.html Nutter's Help Desk archive: http://www.nwfusion.com/columnists/nutter.html _______________________________________________________________ FEATURED READER RESOURCE NETWORK WORLD SPECIAL REPORTS NOW AVAILABLE Focused reports on compelling industry topics, Network World Special Reports are available online at Network World Fusion. Network World Special Reports on IP Telephony Security, the State of Wireless LANs, trends in the networked world and more are currently available. Download any or all of our Special Reports at: <http://www.nwfusion.com/vendorview/specialreports.html> _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.subscribenw.com/nl2 International subscribers click here: http://nww1.com/go/circ_promo.html _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: <http://www.nwwsubscribe.com/Changes.aspx> To unsubscribe from promotional e-mail go to: <http://www.nwwsubscribe.com/Preferences.aspx> To change your e-mail address, go to: <http://www.nwwsubscribe.com/ChangeMail.aspx> Subscription questions? Contact Customer Service by replying to this message. This message was sent to: [EMAIL PROTECTED] Please use this address when modifying your subscription. _______________________________________________________________ Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]> Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]> Copyright Network World, Inc., 2004 ------------------------ This message was sent to: [EMAIL PROTECTED] ------------------------ Yahoo! Groups Sponsor --------------------~--> Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar. Now with Pop-Up Blocker. Get it for free! http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/BCfwlB/TM --------------------------------------------------------------------~-> <a href=http://English-12948197573.SpamPoison.com>Fight Spam! Click Here!</a> Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/kumpulan/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
