RE: Need firewall adviceSep 27 2006 11:07PM Steve Armstrong (stevearmstrong logicallysecure com)
Matt
It seems strange to go from none to spending a fair bit of cash on a FW.
As you seem to know your way around Linux why not use one of the open
source FWs.
I personally use Smoothwall: Smoothwall.org, note that smoothwall.net
is the non open source corporate version - worth a look if the free one
is too limited for you.
I like Smoothy, because it is very extensible and with some of the mods
available can be made to have open source content filtering and snort
based IDS that dynamically blocks attacking ip addresses.
I put post here http://www.logicallysecure.com/forum/viewtopic.php?t=42
about the better mods and what they do (I have used all of the ones
listed).
All you need is a reasonable box (I use an old P3 750 with 512 ram and a
30 gb HDD) 3 nics and you are off! You can still do DNS and vpn access
in - but check the forums as there is a known problem that requires a
change to a files or the external listener will not pass off GRE (vpn)
packets to the internal lans.
Also bin the hubs - they should only be used for capture the flags and
honeynets - never production systems and never in DMZs
Hope this is of some use.
Steve A
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of mattknows (at) gmail (dot) com [email concealed]
Sent: 24 September 2006 20:31
To: firewalls (at) securityfocus (dot) com [email concealed]
Subject: Need firewall advice
I got attacked this weekend. I run a small business network set up
thusly: DSL router (static /24 DSL service) to hub. Real IP address
servers for mail, dns, web. All internal servers, workstations, etc.
behind Linksys running VPN endpoint to my static DSL at home so I can do
remote admin, work, etc. My linux servers on the outside, several were
compromised, from what looks like a ssh vulnerability. Rebuilt servers
with Trustix, running NO network services but the daemon doing the
servers job (DNS, etc.). I feel I need something between the DSL router
and hub that feeds the external servers and the linksys. Considering
WatchGuard and SonicWall. Need advice on which, and on specific
configuration. Thanks!!
It seems strange to go from none to spending a fair bit of cash on a FW.
As you seem to know your way around Linux why not use one of the open
source FWs.
I personally use Smoothwall: Smoothwall.org, note that smoothwall.net
is the non open source corporate version - worth a look if the free one
is too limited for you.
I like Smoothy, because it is very extensible and with some of the mods
available can be made to have open source content filtering and snort
based IDS that dynamically blocks attacking ip addresses.
I put post here http://www.logicallysecure.com/forum/viewtopic.php?t=42
about the better mods and what they do (I have used all of the ones
listed).
All you need is a reasonable box (I use an old P3 750 with 512 ram and a
30 gb HDD) 3 nics and you are off! You can still do DNS and vpn access
in - but check the forums as there is a known problem that requires a
change to a files or the external listener will not pass off GRE (vpn)
packets to the internal lans.
Also bin the hubs - they should only be used for capture the flags and
honeynets - never production systems and never in DMZs
Hope this is of some use.
Steve A
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of mattknows (at) gmail (dot) com [email concealed]
Sent: 24 September 2006 20:31
To: firewalls (at) securityfocus (dot) com [email concealed]
Subject: Need firewall advice
I got attacked this weekend. I run a small business network set up
thusly: DSL router (static /24 DSL service) to hub. Real IP address
servers for mail, dns, web. All internal servers, workstations, etc.
behind Linksys running VPN endpoint to my static DSL at home so I can do
remote admin, work, etc. My linux servers on the outside, several were
compromised, from what looks like a ssh vulnerability. Rebuilt servers
with Trustix, running NO network services but the daemon doing the
servers job (DNS, etc.). I feel I need something between the DSL router
and hub that feeds the external servers and the linksys. Considering
WatchGuard and SonicWall. Need advice on which, and on specific
configuration. Thanks!!
[ reply ]