On Sat, 1 Jan 2000 04:10:31 -0500 "Eric Friedrich" <[EMAIL PROTECTED]> wrote:
> I've sucessfully set up a home LAN with NAT, OpenBSD firewall, and all > the goodies. However, I'm wondering what the next step is. As far as > system maintenance, I know that all OS's require constant patches, but > I have no idea what that involves as far as OpenBSD goes, is there a > program out there which will update the system for me? No, OpenBSD doesn't have automatic updates yet. You'll need to check http://www.openbsd.org/errata.html on a regular basis and rebuild the system manually (not real hard though). > Also, I've heard of attacks using other protocols, and such, what > other security measures can I implement aside from only opening the > necessary ports with PF? Is there anything to protect against non tcp > attacks, DOS attacks and other ones I'm not mentiong? Just block all incoming traffic and use stateful firewalling and NAT. Only open specific ports/protocols to allow others to access inside services (www, mail, ...). If you aren't running any services on your firewall or aren't running internal services which need outside access there is no need to open any ports. Arguably you might accept (certian kinds) of ICMP traffic. This setup will protect against non-tcp attacks initiated against you. DoS attacks are harder to deal with, depends on the kind of DoS (connection flood, icmp flood). // nick
