FW: [Malvern] Recommendations for File Servers

Stuart Parkington mrsparks_maillists at yahoo.com
Sun Oct 22 08:57:10 BST 2006


Hi Ian,

> Any particular reason for using a PC as a firewall instead of a piece of
> software?  I presume that you use this PC in place of a router?  Although I
> have a router I am not convinced about its management of ports so as I
> already have Norton Firewall on my Windows partition I am just duplicating
> that within the Linux distros.
The two main reasons I chose to use an additional PC based hardware 
firewall are:

1. It gives a good degree of physical separation. Because it has 3 NICs, 
anyone trying an attack is attacking the external card. It is a 
different MAC address (and thus IP Address) presented to the internet 
than that used on your internal (trusted) network (yes, it does act as a 
NAT router). I also get excellent management of ports.

2. It gave me the ability to run a DMZ - a half way house between the 
internet and my trusted network. This is the place where I can put an 
internet facing web server, mail server or vpn connector should I need 
to. I then don't need to expose my internal systems to the risks on the 
internet. Indeed if I did more bit torrenting (is that a verb?) than I 
do it would be advisable to put my torrent flux machine in the DMZ. 
Wikipedia's description of a DMZ is here 
http://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%29

On a Windows PC I'd also run a software firewall - basically because of 
the amount of spyware around for Windows and the number that try to 
make external connections ('phoning-home' as it gets referred to).


> What is SSH and why would that help me do the Admin?
SSH stands for Secure SHell. Basically it allows you to make remote 
connections to remote machines, in a similar way to Telnet. However, SSH 
is fully encrypted and thus secure (telnet is plain text, thus open to 
being 'sniffed'). With SSH you can create secure tunnels between 
machines. The Wikipedia description of SSH is here 
http://en.wikipedia.org/wiki/Ssh


> AV software would be for the PC only - I have noted that Linux is being
> gradually targeted more and more by viruses etc.  Again I have Norton on my
> Windows partition so just duplicating that.
I've always been taught (in an MS environment) to create AV boundary 
defenses as well as AV on the machine itself. Although my works 
(Windows) laptop runs McAfee continuously it just seemed natural to me 
to do a nightly check of the file server. Two separate AV programs are 
then checking my windows shared files within each 24 hour period. It 
also protects against any Linux viruses that may appear.


> The VPN client is indeed a way I will be trying to go forward but will need
> help on this too later - mainly because I think at the moment the distro is
> going to be Ubuntu.  Anyone any reasons why not to?
I keep planning to look at implementing OpenVPN (http://openvpn.net/) 
myself, which seems to be the best option I've come up with, but haven't 
got around to it yet.

Regards
Stuart

---------------------------
Linux #423936  Ubuntu #4500
---------------------------


