Installing a firewall, Part 1
This article is the first in a three-part series that provides a blueprint for setting up a multifunctional firewall and server. You'll want to do this if you don't want to spend the resources to have one computer act as a Web server, another as a print server, yet another as a firewall, and so on. Whether you're concerned about increasing the security level at your small business or setting up a firewall and IP Masquerading server at home, these articles will show you the steps we took to replace an old server with a multifunction server and firewall. After reading the series, you should be able to configure a functional firewall and server that provides basic Internet services while maintaining a moderate level of security.
We will use the systems we set up for one of our clients as our example configuration. The client shop had a Linux-based GNU system as its main server and firewall. The box was an old 486 running Red Hat 5.2, upgraded from 5.1. Over time, its duties had grown from simply mail service to Web, anonymous FTP, login, and CVS (source code revision control) serving. Two years ago, it was compromised twice -- with minimal damage, but several work days lost in cleanup. Further, the old machine (we'll call it plains.example.com) was too slow for all the services it offered -- and our client wanted to add more.
Security analysis
Before deciding what to do, we performed a simple security needs analysis. Our client is a small software engineering firm with virtually no valuable hardware. Its primary asset is its source code and hence the primary risk is the loss or damage of that source code. The client's second main risk is the amount of time that would be wasted in cleaning up after a break-in: finding backdoors and eliminating them, reinstalling operating systems, analyzing logs, and so on.
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Sign up »
New Open Storage: Save up to 75% over traditional storage costs with Sun's Unified Storage. Sun's breakthrough technology delivers flexibility, ease-of-use, and energy efficiency for better performance across your business. Try Sun's virtual simulator now.
Brought to you by: |
This month we're giving away 5 copies of each of these great books. Enter today for your chance to win!
|
Friends With Benefits: A Social Media Marketing Handbook |
 |
Ubuntu Unleashed 2010 Edition |
|
VMware vSphere 4 Implementation |
15 Ways to Make YouTube More Useful
From downloading videos to reinventing the interface, these 15 tools will help you use YouTube like you've never used it before.
