Need advice on security
Chong Yu Meng
chongym
Wed Mar 28 09:17:20 PDT 2007
Hi all,
So right now I'm more than a little confused about the subject of
securing servers -- specifically, UNIX/Linux mail servers -- in a data
center. I spoke to some friends who may have had a vested interest in
selling me equipment, and though we all agreed that security was
important, I could not understand how certain firewalls could actually
provide me with better security than a properly configured bastion host.
Here is my scenario: a few years ago, I set up a server for a friend that
would run your typical web and mail services, but because there was no
budget for an additional firewall, I was told to just try to make the
server as secure as possible. I read a few articles in magazines and
online, and I thought that I could make it reasonably secure if I just
did the following:
-- install ONLY what you absolutely need
-- turn off all unneeded services (in this case, only DNS, web, SSH,
SMTP and POP3 were running)
-- block all ports in iptables except those that are absolutely needed
-- change the default SSH port to something other than 22 to thwart
script-kiddies
Well, some friends informed me that I'd still need a firewall.
Considering that the server was not running Windows, and that I'd still
need to open the ports on the firewall anyway, I asked them what
possible benefit would a firewall have, that the UNIX/Linux OS would not
provide anyway? I don't believe that a firewall is some kind of talisman
that can ward off bad things just by being there.
Am I wrong? Did I do enough? What are the ways that UNIX servers can be
penetrated for a scenario like I outlined above? I need to know because
I am wondering if perhaps I should have advised my friend to find the
money for the firewall, somehow (bear in mind that it was not cheap to
host even a 1U server back then: SGD $1000/month, which is about USD
$750/month).
Thanks and regards,
pascal chong
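
The default-deny iptables policy and non-default SSH port from the list in the post, written out as an added example that is not part of the original message. The SSH port 2222 is a constructed placeholder, and "web" is assumed to mean plain HTTP on port 80.

```shell
#!/bin/sh
# Added example: emit a default-deny ruleset in iptables-restore format for
# the services named in the post (DNS, web, SSH, SMTP, POP3).
# Assumptions: "web" is HTTP on tcp/80; SSH port 2222 is a placeholder.
# IPv4 only: ip6tables keeps a separate ruleset and needs its own policy.

# valid_port PORT -> status 0 if PORT is a decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*|0*|??????*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# emit_rules SSH_PORT -> prints the ruleset on stdout, status 1 on a bad port
emit_rules() {
    ssh_port=$1
    valid_port "$ssh_port" || { echo "invalid SSH port: $ssh_port" >&2; return 1; }

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    # Allowlist of proto/port pairs; anything not listed hits the DROP policy.
    for svc in udp/53 tcp/53 tcp/80 tcp/25 tcp/110 "tcp/$ssh_port"; do
        proto=${svc%/*}
        port=${svc#*/}
        echo "-A INPUT -p $proto -m $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset; review it, then check the syntax with
# "iptables-restore --test" before loading it.
emit_rules "${1:-2222}"
```

Moving SSH to another port only changes which `--dport` line is open; the service behind it is still reachable and still needs key-based authentication and patching.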