[CLUE-Tech] Of Security and Firewalls..

[ian]

On Sun, Mar 18, 2001 at 08:32:16PM +0000, Jim Intriglia wrote:
> Been following the discussion of security and ftp, telenet and firewalls in 
> general. Ian's post re: get the firewall up first then the other servers 
> behind it got me thinking..
> 
> I am planning to install Starband Internet service (cosumer 2-way, 
> always-on, small-dish satellite service) up here in Conifer, and will need 
> to get a firewall up-and-running ASAP!
> 
> I have an old P133 Dell Pentium as a test PC, and my inclination is to 
> install a 'hardened' Linux distro such as Bastille. I've checked the 
> Firway/Proxy How-To; it was last updated 2/2000 - dated a bit - still worth 
> a read-through?
> 
> Any suggestions on where to begin reading with respect to this 
> firewall/proxy approach (using Linux-based firewall distro such as Bastille 
> or others?). Also, am I better off beginning with IMAP featured in 2.4 
> kernal or should I start with learning IPCHAINS?

In a previous post the wonderful TrinityOS system is a good one to look at.
The other good one already posted is Bastille Linux.  

Thanks for those great resources folks.  

Read the stuff on the firewall and NAT configurations.

Do you mean the Netfilter in 2.4 or start with Ipchains?

Definitly go with 2.4 Netfilter.  It is a signifacntly improved capable 
firewalling system.  It makes the jump from stateless packet filtering
to stateful packet filtering.  MAJOR improvement.  

With Stateful packet filtering you do take a hit with more memory overhead 
but at the same time you get some functionality that is excellent.  

However if you need to have something up and running immediately you
kinda need to go with 2.2 stable kernel right now unless you like 
bleeding really badly.  :)  

Boy.. was that alot of misc talking.  
ian