[NTLUG:Discuss] Cd based Proxy/Firewall (again)
Paul Drew
solarcurve at msn.com
Sat Jul 12 11:12:59 CDT 2003
Howdy,
I had been looking at them actually, but I didnt see anything about being cd
bootable, and allowing me that feature. One of our boxes was comprimised
with a root kit after gaining access via brute force on ssl being run by
apache. We suffered major downtime, and problems because of this, and with a
cd based system we could simply reboot the server, and be back in business
while we made changes to stop future attacks. This is just an idea I am
thinking about to help keep us safe. Feel free to poke some holes in it. :)
The servers main purpose is a proxy to other servers to relay the web
traffic. Thanks for everyones time, and help. :) Have a great day, and take
care.
Paul Drew
>From: severian at pobox.com
>Reply-To: NTLUG Discussion List <discuss at ntlug.org>
>To: NTLUG Discussion List <discuss at ntlug.org>
>Subject: Re: [NTLUG:Discuss] Cd based Proxy/Firewall (again)
>Date: Sat, 12 Jul 2003 01:51:56 -0500
>
>Howdy,
> I suggest you look at www.smothwall.org and www.ipcop.org Ipcop is a
>fork of Smoothwall that has been updated(and Smoothwal has evolved since
>the fork, as well). I built a new firewall.router/etc with ipcop last
>week, I can't say IPcop is really better than smoothwall. I switched
>after running Smoothwall for a year and a half just because I wanted to try
>the competition. It took about 20 minutes and everything was running.
>That is a lot faster than installing a full distro like RedHat. You don't
>want a lot of the stuff installed with a big distribution, anyway. If you
>decide you need more than IPcop or smoothwall gets you, look at Mandrake.
>There is an install option for a firewall server. I installed Mandrake,
>RedHat, and Suse, FreeBSD and a couple others 2 months ago as a test.
>Mandrake was the one that could create the simplest working firewall server
>without doing anything more than selecting installation options.
>Good luck,
>Ralph
>
>
>In response to the welcome remarks of Paul Drew at 04:46 PM 7/11/03 -0500:
>>soooo sorry to bring this up again, but I want to be smart with this. The
>>execs' are pushing for just RedHat, but I think we can be smarter than
>>that. Especialy after we were at the bad end of a root kit recently.
>>Thanks again, have a great day, and take care.
>>
>>Paul Drew
>
>
>
>_______________________________________________
>https://ntlug.org/mailman/listinfo/discuss
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
More information about the Discuss
mailing list