RE: RH8.0 and making it secure
On Mon, 2003-01-06 at 18:21, Christopher Lyon wrote:
> Your assumption was correct but both of you have great feedback. I am interested more in the aspects of securing Linux (RH8.0) in a corporate environment where there is a mixture of friendlies and hostiles.
>
> Good feedback. Looks like there is some reading to do! (Like it ever ends)

I found the book Building Internet Firewalls from O'Reilly to be an outstanding book on the subject and would be very helpful for setting up a firewall in a corporate environment.

Ian P. Thomas
RE: RH8.0 and making it secure
openna.com - Securing and Optimizing Linux - The Hacking Solution

-----Original Message-----
From: Christopher Lyon [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 06, 2003 4:15 PM
To: [EMAIL PROTECTED]
Subject: RH8.0 and making it secure

Does anybody have any documents or links on making RH8.0 secure, i.e. locking it down?

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
Re: RH8.0 and making it secure
On Mon, Jan 06, 2003 at 01:14:57PM -0800, Christopher Lyon wrote:
> Does anybody have any documents or links on making RH8.0 secure, i.e. locking it down?

The Linux Administrator Security Guide: http://seifried.org/lasg/

It's starting to get old, but many of the concepts will be with us for many years to come. If you don't understand the concepts and try to focus on the tools, you'll be in trouble down the road.

You may want to scan http://www.linuxsecurity.com too.

Of course, I've assumed you've already read the Official Red Hat Linux Security Guide that Red Hat publishes. You *did* go to Red Hat to see the online docs, didn't you? For those of you who haven't, go to http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/

--
Ed Wilts, Mounds View, MN, USA
mailto:[EMAIL PROTECTED]
Member #1, Red Hat Community Ambassador Program
RE: RH8.0 and making it secure
So many things to consider. I'd start with an iptables overview if your box is on the internet. A good Linux Security book is worth having too.

Shane

-----Original Message-----
From: Christopher Lyon [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 06, 2003 2:15 PM
To: [EMAIL PROTECTED]
Subject: RH8.0 and making it secure

Does anybody have any documents or links on making RH8.0 secure, i.e. locking it down?
Re: RH8.0 and making it secure
On Mon, Jan 06, 2003 at 02:40:37PM -0700, Daily, Shane, CTR wrote:
> So many things to consider. I'd start with an iptables overview if your box is on the internet. A good Linux Security book is worth having too.

Personally, I wouldn't start with iptables. If you have either cable or DSL (with Ethernet connectivity), buy a low-end Linksys firewall or something like it. Put it between you and the cable modem. That will get the vast majority of your security attempts since by default all ports are closed.

Now that you've got the initial threat out of the way, focus on everything else (like turning off all services you don't need, etc.).

--
Ed Wilts, Mounds View, MN, USA
mailto:[EMAIL PROTECTED]
Member #1, Red Hat Community Ambassador Program
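The last step above, turning off services you don't need, as an added example that is not part of the original message: a script that reads `chkconfig --list` output (the Red Hat service listing) and reports enabled services that are missing from an allowlist. The allowlist and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Flags services that `chkconfig --list`
# shows as enabled but that are absent from an admin-maintained allowlist.

# Hypothetical allowlist: the services this host is actually meant to run.
ALLOWED="syslog sshd crond network iptables"

# Constructed sample in `chkconfig --list` format (not captured from a host).
sample_chkconfig() {
cat <<'EOF'
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
xinetd based services:
        telnet: on
        rsync:  off
EOF
}

# audit_services: read chkconfig output on stdin and print, one per line,
# every enabled service that is not on the allowlist.
audit_services() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Everything after this header is an xinetd-managed service.
        /^xinetd based services:/ { xinetd = 1; next }
        # xinetd section lines look like "name: on" or "name: off".
        xinetd && NF == 2 {
            name = $1; sub(/:$/, "", name)
            if ($2 == "on" && !(name in ok)) print name " (xinetd)"
            next
        }
        # SysV lines: name plus seven runlevel fields; check the two
        # multi-user runlevels, 3 (text) and 5 (graphical).
        NF >= 8 {
            on = 0
            for (i = 2; i <= NF; i++) if ($i == "3:on" || $i == "5:on") on = 1
            if (on && !($1 in ok)) print $1
        }
    '
}

# Run against the constructed sample with: sh audit.sh --sample
if [ "${1:-}" = "--sample" ]; then sample_chkconfig | audit_services; fi
```

On a live Red Hat host, pipe `chkconfig --list` into `audit_services`; a reported service can be disabled with `chkconfig <name> off` once you have confirmed nothing depends on it.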
RE: RH8.0 and making it secure
Iptables Cable/DSL router

Yes, if you're in a hurry and don't care to learn much about network security you can certainly go out and buy a Cable/DSL Router with a built-in firewall. I was making the assumption that he was trying to learn about security and harden the Linux box itself. Building a firewall is a good way to do both.

Shane

-----Original Message-----
From: Ed Wilts [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 06, 2003 3:00 PM
To: [EMAIL PROTECTED]
Subject: Re: RH8.0 and making it secure

On Mon, Jan 06, 2003 at 02:40:37PM -0700, Daily, Shane, CTR wrote:
> So many things to consider. I'd start with an iptables overview if your box is on the internet. A good Linux Security book is worth having too.

Personally, I wouldn't start with iptables. If you have either cable or DSL (with Ethernet connectivity), buy a low-end Linksys firewall or something like it. Put it between you and the cable modem. That will get the vast majority of your security attempts since by default all ports are closed.

Now that you've got the initial threat out of the way, focus on everything else (like turning off all services you don't need, etc.).

--
Ed Wilts, Mounds View, MN, USA
mailto:[EMAIL PROTECTED]
Member #1, Red Hat Community Ambassador Program
Re: RH8.0 and making it secure
On Mon, 2003-01-06 at 13:59, Ed Wilts wrote:
> On Mon, Jan 06, 2003 at 02:40:37PM -0700, Daily, Shane, CTR wrote:
> > So many things to consider. I'd start with an iptables overview if your box is on the internet. A good Linux Security book is worth having too.
>
> Personally, I wouldn't start with iptables. If you have either cable or DSL (with Ethernet connectivity), buy a low-end Linksys firewall or something like it. Put it between you and the cable modem. That will get the vast majority of your security attempts since by default all ports are closed.
>
> Now that you've got the initial threat out of the way, focus on everything else (like turning off all services you don't need, etc.).

This is certainly an easy solution (and one I've used before). However, given that Linux can do everything that an off-the-shelf router/firewall can (and more!), I don't see any reason to spend an extra $40 to save an hour's work (especially since that work pays off with increased knowledge in the long run).

It takes only a short while to download one of the many firewall configuration utilities and get iptables to do what you want. I personally like shorewall (I usually run firewalls on low-end hardware and don't want GUI tools) but there are several to choose from. Required knowledge of iptables is practically nil.

Incidentally, I'd recommend Netgear over Linksys anyway <wink>. Well, let me qualify that: most of the Netgear gateway/routers that I've seen lately support dyndns out of the box. Very cool. Other than that, they're probably equivalent.

--
Cliff Wells, Software Engineer
Logiplex Corporation (www.logiplex.net)
(503) 978-6726 x308 (800) 735-0555 x308
RE: RH8.0 and making it secure
Your assumption was correct but both of you have great feedback. I am interested more in the aspects of securing Linux (RH8.0) in a corporate environment where there is a mixture of friendlies and hostiles.

Good feedback. Looks like there is some reading to do! (Like it ever ends)

-----Original Message-----
From: Daily, Shane, CTR [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 06, 2003 2:13 PM
To: '[EMAIL PROTECTED]'
Subject: RE: RH8.0 and making it secure

Iptables Cable/DSL router

Yes, if you're in a hurry and don't care to learn much about network security you can certainly go out and buy a Cable/DSL Router with a built-in firewall. I was making the assumption that he was trying to learn about security and harden the Linux box itself. Building a firewall is a good way to do both.

Shane

-----Original Message-----
From: Ed Wilts [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 06, 2003 3:00 PM
To: [EMAIL PROTECTED]
Subject: Re: RH8.0 and making it secure

On Mon, Jan 06, 2003 at 02:40:37PM -0700, Daily, Shane, CTR wrote:
> So many things to consider. I'd start with an iptables overview if your box is on the internet. A good Linux Security book is worth having too.

Personally, I wouldn't start with iptables. If you have either cable or DSL (with Ethernet connectivity), buy a low-end Linksys firewall or something like it. Put it between you and the cable modem. That will get the vast majority of your security attempts since by default all ports are closed.

Now that you've got the initial threat out of the way, focus on everything else (like turning off all services you don't need, etc.).

--
Ed Wilts, Mounds View, MN, USA
mailto:[EMAIL PROTECTED]
Member #1, Red Hat Community Ambassador Program
RE: RH8.0 and making it secure
On Mon, 6 Jan 2003, Christopher Lyon wrote:
> Your assumption was correct but both of you have great feedback. I am interested more in the aspects of securing Linux (RH8.0) in a corporate environment where there is a mixture of friendlies and hostiles.
>
> Good feedback. Looks like there is some reading to do! (Like it ever ends)

i suggest getting *both* a low-end router, *and* locking down your box with iptables. currently, in the house, the DSL modem plugs into a pretty inexpensive linksys WAP *with* a 4-port switch. my brother plugs his box directly into the linksys hub, while i run my laptop from the office down the hall.

the linksys was around $100 US, and it's a great investment, since it gives you wireless access, as well as some internal filtering.

you can *never* have too much protection.

rday
RE: RH8.0 and making it secure
For what it's worth, I picked up Building Secure Servers with Linux (BAUER --O'Reilly press). It suggested among other things http://www.bastille-linux.org/ which offers some perl scripts...

Bastille Linux has been designed to educate the installing administrator about the security issues involved in each of the script's tasks, thereby securing both the box and the administrator. Each step is optional and contains a description of the security issues involved.

I guess you can skip the explanations if you wish. Haven't used it yet myself as I'm in a development environment now and don't go beyond localhost.

--
shawn
[EMAIL PROTECTED]