Hi,
Hi,
I have a project which involves using LTSP (linux Terminal Server Project) with SuSE 7.3 as the server. There will be 50 terminals with 200 accounts just to be used for email and Web Surfing.
ups, i hope you have a 100Mbps network with switches (forget about hubs)
However as far as I can see I have more then enough security related concerns.
NFS, NFS swap (looks like I need since the terminals have less then 64 MB Ram), Xserver
First of all, don't swap over NFS. The benefits of swapping get lost if you use NFS, it takes too much time to make things that it became just unusable. I told you because i just did it and i makes things worst (my ws was p200 mmx with 64 mb ram and 100mbps network with switches, my server was a quad Xeon with 2 Gb of ram and 27Gb of disk. The disk was a hardware raid with a mylex 1100 and three disks ultra wide scsi 160 at 10k rpm). The second point, encrypting NFS??? mmm, i don't agree with that... is a very bad idea due to performance issues.
The project is for a government office so security concern (both internal and external) is high.
is better to use switches and split up your traffic. Use firewalls for all your networks, and isolate machines as much as you can (that is the main reason to use switches instead of hubs).
What are my best options in securing /encrypting these services ? Pointers are really appreciated.
The best thing you can do, is to make a very good network design. Putting firewalls to join networks and split each terminal traffic. Acording my experience that's all i can tell you, i hope this help you. Bye -- "Solo me arrepiento de unos * de menos y unos ++ de sobra" Carlos Manuel Duclos Vergara