[NTLUG:Discuss] Cd based Proxy/Firewall (again)

Paul Drew solarcurve at msn.com
Sat Jul 12 11:12:59 CDT 2003


Howdy,
I had been looking at them actually, but I didnt see anything about being cd 
bootable, and allowing me that feature. One of our boxes was comprimised 
with a root kit after gaining access via brute force on ssl being run by 
apache. We suffered major downtime, and problems because of this, and with a 
cd based system we could simply reboot the server, and be back in business 
while we made changes to stop future attacks. This is just an idea I am 
thinking about to help keep us safe. Feel free to poke some holes in it. :) 
The servers main purpose is a proxy to other servers to relay the web 
traffic. Thanks for everyones time, and help. :) Have a great day, and take 
care.

Paul Drew


>From: severian at pobox.com
>Reply-To: NTLUG Discussion List <discuss at ntlug.org>
>To: NTLUG Discussion List <discuss at ntlug.org>
>Subject: Re: [NTLUG:Discuss] Cd based Proxy/Firewall (again)
>Date: Sat, 12 Jul 2003 01:51:56 -0500
>
>Howdy,
>   I suggest you look at www.smothwall.org and www.ipcop.org   Ipcop is a 
>fork of Smoothwall that has been updated(and Smoothwal has evolved since 
>the fork, as well).  I built a new firewall.router/etc with ipcop last 
>week,  I can't say IPcop is really better than smoothwall.  I switched 
>after running Smoothwall for a year and a half just because I wanted to try 
>the competition.  It took about 20 minutes and everything was running.  
>That is a lot faster than installing a full distro like RedHat.  You don't 
>want a lot of the stuff installed with a big distribution, anyway.  If you 
>decide you need more than IPcop or smoothwall gets you, look at Mandrake.  
>There is an install option for a firewall server.  I installed Mandrake, 
>RedHat, and Suse, FreeBSD and a couple others 2 months ago as a test.  
>Mandrake was the one that could create the simplest working firewall server 
>without doing anything more than selecting installation options.
>Good luck,
>Ralph
>
>
>In response to the welcome remarks of Paul Drew at 04:46 PM 7/11/03 -0500:
>>soooo sorry to bring this up again, but I want to be smart with this. The 
>>execs' are pushing for just RedHat, but I think we can be smarter than 
>>that. Especialy after we were at the bad end of a root kit recently. 
>>Thanks again, have a great day, and take care.
>>
>>Paul Drew
>
>
>
>_______________________________________________
>https://ntlug.org/mailman/listinfo/discuss

_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online  
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963




More information about the Discuss mailing list