Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] Securing Xserver
  • From: Carlos Manuel Duclos Vergara <carlos@xxxxxxxxxxx>
  • Date: Fri, 15 Feb 2002 09:03:36 -0300
  • Message-id: <20020215090336.01b83229.carlos@xxxxxxxxxxx>

> Hi,
>

Hi,

> I have a project which involves using LTSP (linux Terminal Server
> Project) with SuSE 7.3 as the server. There will be 50 terminals with
> 200 accounts just to be used for email and Web Surfing.
>

ups, i hope you have a 100Mbps network with switches (forget about hubs)

> However as far as I can see I have more then enough security related
> concerns.
>
> NFS, NFS swap (looks like I need since the terminals have less then 64
> MB Ram), Xserver
>

First of all, don't swap over NFS. The benefits of swapping get lost if
you use NFS, it takes too much time to make things that it became just
unusable. I told you because i just did it and i makes things worst (my
ws was p200 mmx with 64 mb ram and 100mbps network with switches, my
server was a quad Xeon with 2 Gb of ram and 27Gb of disk. The disk was a
hardware raid with a mylex 1100 and three disks ultra wide scsi 160 at
10k rpm). The second point, encrypting NFS??? mmm, i don't agree with
that... is a very bad idea due to performance issues.

> The project is for a government office so security concern (both
> internal and external) is high.

is better to use switches and split up your traffic. Use firewalls for
all your networks, and isolate machines as much as you can (that is the
main reason to use switches instead of hubs).

>
> What are my best options in securing /encrypting these services ?
> Pointers are really appreciated.
>

The best thing you can do, is to make a very good network design.
Putting firewalls to join networks and split each terminal traffic.

Acording my experience that's all i can tell you, i hope this help you.

Bye

--
"Solo me arrepiento de unos * de menos y unos ++ de sobra"
Carlos Manuel Duclos Vergara

< Previous Next >
References