Gentoo Forums
AliasXZ
l33t
Joined: 08 Feb 2005
Posts: 847
Location: England, Wakefield

Posted: Fri Apr 29, 2005 8:44 am    Post subject: Firewall setups

I've read a few posts about people being hacked via SSH etc. etc.

D'you reckon NAT in my router and Smoothwall behind that is secure enough? Everything is up to date.
I think this is secure enough, but I just want some opinions.

Cheers

:D
_________________
Main:
Kernel: 5.4.38 amd64
RAM: 4GB
Lappy:
Macbook Pro 10.14.6
------------------------------
Please add (solved) to your first post when your issue is resolved 8)
krolden
Apprentice
Joined: 28 May 2004
Posts: 293
Location: Belgium

Posted: Fri Apr 29, 2005 10:20 am

Up to date doesn't mean it is secure. There could be numerous exploits out there that aren't publicly known.

DNAT doesn't add anything to security.

You might consider implementing the following security measures:

    Public key authentication
    TCP wrappers
    running the server on a different port
AliasXZ
l33t
Joined: 08 Feb 2005
Posts: 847
Location: England, Wakefield

Posted: Fri Apr 29, 2005 10:51 am

I have PK auth.

Will look into TCP wrappers, cheers 8)

I would have thought that Smoothwall should do a pretty good job of protecting
krolden
Apprentice
Joined: 28 May 2004
Posts: 293
Location: Belgium

Posted: Fri Apr 29, 2005 3:16 pm

You can easily have your Smoothwall let through all of the traffic. You would still have a hardware firewall, but would it add to security? No. A good policy is to deny everything, except what you need. And even then you can lock the system even better. For instance, my computer at university has a fixed IP, so I have my server only accept traffic from that IP.
I know IPs can be spoofed, but that would make things a bit harder for a possible attacker. Implementing security is not about installing a firewall, it's about building various layers of defences.
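
The default-deny, single-source policy and the TCP wrappers layer mentioned in krolden's two posts above, as an added example that is not part of the original thread. The address 203.0.113.10, port 2222 and all function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: 203.0.113.10
# (documentation address standing in for the fixed IP) and port 2222.

valid_ipv4() {
    # Reject anything but digits and single dots before word-splitting.
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print an iptables-restore ruleset: drop by default, then allow only
# loopback, replies to our own connections, and SSH from one address.
gen_ruleset() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    valid_port "$2" || { echo "invalid port: $2" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $1 --dport $2 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Second layer, TCP wrappers (only honoured if sshd is built with libwrap):
# the line for /etc/hosts.allow; pair it with "ALL: ALL" in /etc/hosts.deny.
gen_hosts_allow() {
    valid_ipv4 "$1" || return 1
    printf 'sshd: %s\n' "$1"
}

# Review the output, then load it as root: gen_ruleset ... | iptables-restore
gen_ruleset 203.0.113.10 2222
gen_hosts_allow 203.0.113.10
```

Loading the ruleset over the same SSH session it restricts will cut that session off if the address is wrong, so apply it from a console or with a timed rollback.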
metalifloyd
n00b
Joined: 13 Dec 2004
Posts: 46
Location: Atlanta, GA

Posted: Sat Apr 30, 2005 4:40 am

I know this is going to sound like an advertisement for Cisco but here goes...:roll:

I use an 831 router for my gateway to the internet. I use the router's built-in NAT and firewall capabilities. I also use CBAC (Context-Based Access Control). This creates a dynamic firewall that only opens temporary holes in the firewall as I (or any inside host) require. The 831 also supports a rather rudimentary but still effective IDS system which can dynamically adjust to different "attacks", i.e. DoS, spoofing, etc.

For anyone interested in a benchmark tool to analyze "how secure" their IOS or PIX config is, check out RAT.