When the proper steps are taken, SuSE can be extrememly secure. You simply must run SuSEfirewall or iptables (they are the same, SuSEfirewall simply adds a config wrapper) and you can configure it to allow NFS or whatever you want on the inside port. You should prevent services from listening on the outside interface and configure the firewall to refuse connection attempts to unwanted services on the outside interface. I would advise that, out of the box, SuSE should not be place on the Internet with no protection. However, with a bit of configuration, SuSE can be reasonable secure on the Internet. Regards, -GS -----Original Message----- From: Adalberto Castelo [mailto:castelo@comcast.net] Sent: Saturday, December 20, 2003 9:08 AM To: suse-security@suse.com Subject: [suse-security] request for opinions: SuSE 9 secure as a web server? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi folks, I'm planning to serve web pages from my personal box (family pictures and the like), running SuSE 9 stock with all patches. The machine will be handed all port 80 (or whatever port I decide to use) requests from my linksys router/ firewall, therefore being completely exposed on that port. I'll also be letting ssh through. So my question is: how dangerous is this? How secure is a SuSE 9 box (with no tweaks or anything, just configured everthing with yast). I'm asking your opinion as to whether SuSE is considered reasonably safe for what I have in mind or if I should look for other options. And perhaps if there are simple steps I can take to increase my chances of not being cracked. Just some more info: in my internal network I'm running NFS, so can't use the suse firewall (since it blocks that service). I'm also running rsync. Cheers, Adalberto -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iQIVAwUBP+Rz596AspoXaofZAQLWTRAAmvTlJMOuFYHaTl1jd0wBG783DT/EasRi +n2kvNw6h1miR1aAvkObE//+/h1Vu2SHdMTnwIJvaMfXpdYg4Id+114+uk8MhJ6F JuaRMx6WL3bjw2oh/yGUP/n8TMxrYDVKIDmm2lrFmAb35UMnqa4J9bfJyAnMt3gm fZii/bd+BRzf7aZrJG7BZeHNLBFDTLMemU+pTH3ZqjVwxNbV9uE7gfCnK05TSrdZ 7pUFCVe0zEeGglO2r9lxpjQ+Azd2Ml2CDUq7m7YXPTg5ZBYXlVX0x6HaxUkS/YT4 MvfNbSVGqRp5e2iVV7TzYasddXr7FKwSLHJ6myGxUKTwn3iMSX3Z0j8fS1tFHSRj 9KboPqjWdsrGf86CfJeUwLRL+ZtuAu3do96tooYRDbzrMkbCgKmGXfJw1dxC5QkZ ovGuLK6HumtG8FSJebSlLZRvR6ctuo/+BfcLlHfKHbwTrYx6wVpXcqA4iGMfg1Fy 2tJ85UhoEMQzUHmQ3s3EJTVoKASAdOSVB9cVQ3TpFdLCsqavKD4tiLxkMN021ExC f2V2Xq7Kd38F0FG5ZLbGzdlSnCQ3rcaX9llI7kSxXxVf1lipEdYStNJ5H1ZORx9D AvLsGNfLQa7nl5yPev+NdA6wmxHF/fTFxVWsRdhMpAIaglpWoTweOlNA3ll3ivr0 Tdv6s4wYs9I= =Y+/m -----END PGP SIGNATURE----- -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here This electronic message transmission is a PRIVATE communication which contains information which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Please notify the sender of the delivery error by replying to this message, or notify us by telephone (877-633-2436, ext. 0), and then delete it from your system.