I am a seasoned admin, working with Solaris, AIX and the fluffy penguin now for 8 years or so....
I have learned quite a lot about the trade, including to be very cautious about proclaiming a system to be secure if I don't absolutely positively kinda believe it is.... Thus my question: I want to setup a Linux firewall for a small network of 15 machines connected live to the internet via broadband. I don't want to put something in place that has a glaring hole I don't know about that makes the installation more insecure with a false sense of security. Which kernel would be best? 2.0.x, 2.2.x, or 2.4.x? Should snort be running on the firewall machine or another machine? If on another machine, should I put the firewall and IDS box on a hub as the first hop so they both see the same traffic? The customer's router is not manageable (linksys) and they have no budget for a Cisco Router or PIX. The Linux box will serve as a secondary NAT layer, any pitfalls with this? Should SSH go to the firewall machine or be passed through to an internal Linux box? Should the NAT and Firewall rules be written and maintained on CD-R media so a malicious attacker cannot hide rule changes? Should the firewall be re-initialized on a schedule to ensure the live rules are those from the read-only media? Last, but not least, what's a good HowTo that can be used as a basis? I would prefer one that starts off a little more strict so I can simplify rather than have to bone up on all of the current vulnerabilities. Thanks for any replies! Robert
