> I've successfully set up a home LAN with NAT, OpenBSD firewall, and all > the goodies. However, I'm wondering what the next step is. As far as > system maintenance, I know that all OS's require constant patches, but I > have no idea what that involves as far as OpenBSD goes, is there a > program out there which will update the system for me? > Also, I've heard of attacks using other protocols, and such, what > other security measures can I implement aside from only opening the > necessary ports with PF? Is there anything to protect against non tcp > attacks, DOS attacks and other ones I'm not mentiong? Thanks,
OS-wise you have chosen the absolute best when it comes to running a firewall machine or a bastion host. Stay current with patches and you will be as secure as any machine out there. Next, install a snort machine on the same network that your external firewall interface is on. It will take some heavy reading, but once you are up to speed with this excellent IDS you will never want to be without it. danielrm26