March 26, 2001, 10:32 AM —
In the first part of this series, we discussed the installation of Trustix, a secured Linux distribution, on our client's new firewall machine, wolf.example.com. In the second part, we detailed setting up services on wolf to provide functionality comparable to that of the server plains.example.com. In this third and last installment, we will discuss some of the additional security measures we took to further protect our client's data. Those included firewall setup and the installation of intrusion-detection tools, along with local security measures.
After installing such services, it would be possible to get a false sense of security about the firewall system. But all the security software and setup in the world is worthless without regular monitoring. It is crucial that human beings look at the reports generated by the software and monitor security mailing lists for new vulnerabilities.
Creating a firewall
A firewall is a router that refuses to route and thus prevents outside traffic from reaching the inside. We chose to poke several holes through the firewall to permit a few different kinds of traffic through, but a pure firewall would allow no traffic at all. As discussed in the previous installment, the services running on our firewall, wolf, are Postfix, Squid, and FTPD.