Mailinglist Archive: opensuse-security (192 mails)

< Previous Next >
Re: [suse-security] Firewall + server on one machine?
  • From: rhoerbe@xxxxxxxxxxxxxxxx
  • Date: Wed, 24 May 2000 14:28:20 +0200
  • Message-id: <OF498C1F7C.9B6B4AFD-ONC12568E9.0043FF51@xxxxxxxxxxxxx>
Of course you can do this, and if you really care, security can be quite
OK.
BUT, there are a few issues, that are not wanted on a firewall ..
.. users with shell access -> everybody except sysadmins have /bin/false
as shell,
.. too many packages and programs -> install only what you really need
.. too many (particularly external) services, that makes it difficult to
track all security-related issues

Rainer




Olivier Daigle <daio3003@xxxxxxxxxxxxx>
Sent by: daigle@xxxxxxxxxxxxx
24.05.00 14:16


To: Ragnar Beer <rbeer@xxxxxxxxxxxxxxxxx>
cc: suse-security@xxxxxxxx
Subject: Re: [suse-security] Firewall + server on one machine?

If by "Firewall" you hear "masquerading" or something like that, it may
make sense. Masquerading only open oprts to the outside world when a
machine from the inner world wants to communicate with the outside world.
In that sense, it is quite safe.
Read the security issue about masquerading and FTP for SuSE 6.4.
Olivier
Ragnar Beer wrote:
Howdy everybody!
To secure my machine as good as possible from the outside world I
have closed all the ports that I don't need. So the only ports left
open are ssh, http and https. Above that - does it make any sense to
install a firewall on the _same_ machine (I can't afford another one
at the moment)?
--Ragnar
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx
--
Olivier Daigle
Projet Harfang
(514) 396-8800 ext.7699




< Previous Next >