Bryan Greer wrote:
Hi again Charles,

Thank you for the rapid reply, I am sorry that mine is somewhat late as
things here have been extremely busy. I agree with your comments on the leaf
product and it will be difficult to configure anything to work in the manner
I suggested due to the fact that applications that are not errant look much
like those that are from the router's perspective. With all the malware out
there right now it is difficult to protect oneself from the myriad of
problems that seem to exist. Moreover, since it is difficult to train the
user to open only those emails that they recognise, one may still be
infected from the inside via malware attached to the inbound email. Closing
ports seems to provide a great start but there must be a way to inspect some
of the outbound packets and drop them even on allowable ports where a packet
might be suspect.

As I am someone who works with the micro$oft infected platform most of the
time and am just getting into the Linux platform, I am amazed that more
people are not using this OS. The swiss cheese of micro$oft really drives me
'round the bend as far as locking down a system particularly from a central
point, in a word, don't do it with anything but Linux. Hence the LEAF.

So, if you would be open to a question regarding the Eiger-Stein version of
the LEAF, I would be most grateful for any sort of an answer. In particular,
how and where does one set up a rule set for the internal side. Perhaps I
should also ask, how secure is the "out of the box" installation of this
product and what should be modified on both the public and private side. I
realise this might be a large question with an answer that might go on for
days, and certainly I would not impose upon your time in that manner, but
whatever gems you could pass on would be appreciated.

Again, thank you for your time.

"Out of the box", an EigerStein (or the more recent Dachstein) firewall is quite secure at protecting your internal systems from the general "noise" of the internet (port-scanning, self-propagating worms, and similar).


There are some qualifiers, however. Since the "mountain" releases use a 2.2 kernel, the firewall rules cannot do stateful packet filtering (a feature added in 2.4 kernels and used by Bering/Shorewall). Also, you need to realize that the "mountain" firewall scripts are designed to allow all traffic from internal systems out to the internet, while preventing un-requested inbound traffic from reaching your internal systems.

Note that this setup will *NOT* protect you if you download (or are e-mailed) a malicious program and run it on one of your internal systems. Nor will this firewall setup stop things like Kazaa or other file-sharing programs from working.

There is no simple Secure/Insecure switch you can flip somewhere to secure your network. You need to categorize the threats you wish to protect yourself against, and architect a security strategy that will address those threat vectors. A good firewall is usually a necessary part of an overall security solution, but it is usually only a part.

--
Charles Steinkuehler
[EMAIL PROTECTED]

P.S. Please continue to route all LEAF related questions through the leaf-user mailing list, rather than e-mailing me personally. You can cc: me directly if you like. Typically, clicking "reply-all" instead of simply "reply" will do this.
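
The two filtering models mentioned in the reply above, as an added example that is not part of the original message or of the LEAF firewall scripts: a simplified Python model of the allow-all-outbound policy, judged once packet by packet and once with connection tracking. The addresses, ports, names and the SYN-flag rule used for the stateless case are assumptions made for illustration.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "192.168.1."  # constructed internal network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

def internal(addr):
    return addr.startswith(INTERNAL_PREFIX)

def stateless_allow(pkt):
    """Each packet judged alone (assumed rule, not the LEAF scripts' own)."""
    if internal(pkt.src):
        return True                       # all outbound traffic is allowed
    return not (pkt.syn and not pkt.ack)  # inbound: refuse only new connection attempts

class StatefulFilter:
    """Simplified connection tracking: no timeouts, no teardown handling."""
    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        if internal(pkt.src):
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True                   # outbound still allowed, but remembered
        # inbound passes only as the reverse direction of a remembered flow
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

# Constructed sample traffic (documentation address ranges).
TRAFFIC = [
    ("browser opens connection", Packet("192.168.1.10", 40000, "203.0.113.5", 80, syn=True)),
    ("server reply", Packet("203.0.113.5", 80, "192.168.1.10", 40000, syn=True, ack=True)),
    ("unrequested inbound SYN", Packet("198.51.100.7", 5555, "192.168.1.10", 22, syn=True)),
    ("stray inbound ACK", Packet("198.51.100.7", 80, "192.168.1.10", 40001, ack=True)),
    ("e-mailed program phones out", Packet("192.168.1.20", 41000, "198.51.100.9", 443, syn=True)),
]

def compare(traffic=TRAFFIC):
    fw = StatefulFilter()
    return [(label, stateless_allow(p), fw.allow(p)) for label, p in traffic]

if __name__ == "__main__":
    for label, stateless, stateful in compare():
        print(f"{label:30} stateless={stateless!s:5} stateful={stateful}")
```

Only the stray ACK row differs between the two models; the last row passes both, which is the case the reply says no firewall of this design will stop.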
