Linux

Whch Linux REh Hat etc.

Is the easier to configure for security purposes (I'm new to Linux)?

What other proggies that are not supplied with the install may be
needed.?


The Linux box will connect to B-Band & the Windows to it.

Spammicus Killius:NO EMAIL REPLIES

Spammicus Killius

On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
<spammers-must-> wrote:

>Whch Linux REh Hat etc.
>
>Is the easier to configure for security purposes (I'm new to Linux)?
>
>What other proggies that are not supplied with the install may be
>needed.?
>
>
>The Linux box will connect to B-Band & the Windows to it.

Learing linux is a good idea, however, you don't really want to learn
about security on something that is internet connected, because if you
misconfigure something, then the chances are that someone other than
you will "own" that box ... and pretty quickly too.

I'd recommend learning about security on another machine if at all
possible, at least until you have developed a better knowledge of
linux.

There's quite a few security distro's based on linux out there that
might make your life a little bit easier.

Check out the following sites:

http://www.smoothwall.org - Smoothwall.
http://www.ipcop.org - IPCop (a Smoothwall derivative).

There's quite a few others out there, but Smoothwall is one of the
best.

I used to avoid recommending Smoothwall to people, but that was all
due to an abusive former company director of Smoothwall - he has since
left the Smoothwall team.

There's plenty of security how-to's out there for linux, and a google
for securing linux shows up plenty of links.

http://www.google.com.au/search?q=ho...-8&hl=en&meta=

It might also be worthwhile heading over the The Linux Documentation
Project as well - http://www.tldp.org .

Dazz

>Spammicus Killius:NO EMAIL REPLIES

Dazz

"Dazz" <> wrote in message
news:...
> On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
> <spammers-must-> wrote:
>
> >Whch Linux REh Hat etc.
> >
> >Is the easier to configure for security purposes (I'm new to Linux)?
> >
> >What other proggies that are not supplied with the install may be
> >needed.?
> >
> >
> >The Linux box will connect to B-Band & the Windows to it.
>
> Learing linux is a good idea, however, you don't really want to learn
> about security on something that is internet connected, because if you
> misconfigure something, then the chances are that someone other than
> you will "own" that box ... and pretty quickly too.
>
> I'd recommend learning about security on another machine if at all
> possible, at least until you have developed a better knowledge of
> linux.
>
> There's quite a few security distro's based on linux out there that
> might make your life a little bit easier.
>
> Check out the following sites:
>
> http://www.smoothwall.org - Smoothwall.
> http://www.ipcop.org - IPCop (a Smoothwall derivative).
>
> There's quite a few others out there, but Smoothwall is one of the
> best.

If you want more than a pure firewall (Apache etc) than I've also used
ClarkConnect - it also helped that this was (at the time) based on the
shipping version of RH Linux, rather than the much older version that
SmoothWall was using (no support for my particular NICs).

One of the safer ways to learn is to setup a box in your DMZ, and play with
that..

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

Hairy One Kenobi

"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
news:irZLb.472$:

> "Dazz" <> wrote in message
> news:...
>> On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
>> <spammers-must-> wrote:
>>
>> >Whch Linux REh Hat etc.
>> >
>> >Is the easier to configure for security purposes (I'm new to Linux)?
>> >
>> >What other proggies that are not supplied with the install may be
>> >needed.?
>> >
>> >
>> >The Linux box will connect to B-Band & the Windows to it.
>>
>> Learing linux is a good idea, however, you don't really want to learn
>> about security on something that is internet connected, because if
>> you misconfigure something, then the chances are that someone other
>> than you will "own" that box ... and pretty quickly too.
>>
>> I'd recommend learning about security on another machine if at all
>> possible, at least until you have developed a better knowledge of
>> linux.
>>
>> There's quite a few security distro's based on linux out there that
>> might make your life a little bit easier.
>>
>> Check out the following sites:
>>
>> http://www.smoothwall.org - Smoothwall.
>> http://www.ipcop.org - IPCop (a Smoothwall derivative).
>>
>> There's quite a few others out there, but Smoothwall is one of the
>> best.
>
> If you want more than a pure firewall (Apache etc) than I've also used
> ClarkConnect - it also helped that this was (at the time) based on the
> shipping version of RH Linux, rather than the much older version that
> SmoothWall was using (no support for my particular NICs).
>
> One of the safer ways to learn is to setup a box in your DMZ, and play
> with that..
>

there are linux distro's that are specifically geared towards firewall
security. check out "distowatch" for a listing.

but as mentioned earlier, you want to be real good on linux if you are
going to use it as a security measure. you have to be able to know how to
go in and configure/edit config files.

--
Rowdy Yates
MCSE, Security+, Linux+
I am Against-TCPA
http://www.againsttcpa.com

Rowdy Yates

"Rowdy Yates" <> wrote in message
news:Xns946CBF86A5EADrowdyyatesnospamlyco@66.185.9 5.104...
> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
> news:irZLb.472$:
>
> > "Dazz" <> wrote in message
> > news:...
> >> On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
> >> <spammers-must-> wrote:

<snip>

> >> There's quite a few security distro's based on linux out there that
> >> might make your life a little bit easier.
> >>
> >> Check out the following sites:
> >>
> >> http://www.smoothwall.org - Smoothwall.
> >> http://www.ipcop.org - IPCop (a Smoothwall derivative).
> >>
> >> There's quite a few others out there, but Smoothwall is one of the
> >> best.
> >
> > If you want more than a pure firewall (Apache etc) than I've also used
> > ClarkConnect - it also helped that this was (at the time) based on the
> > shipping version of RH Linux, rather than the much older version that
> > SmoothWall was using (no support for my particular NICs).
> >
> > One of the safer ways to learn is to setup a box in your DMZ, and play
> > with that..
> >
>
> there are linux distro's that are specifically geared towards firewall
> security. check out "distowatch" for a listing.
>
> but as mentioned earlier, you want to be real good on linux if you are
> going to use it as a security measure. you have to be able to know how to
> go in and configure/edit config files.

Erm.. quite. Like the ones listed above (!)

TBH, neither SmoothWall of ClarkConnect requires more than a very basic
knowledge of computers to get set up. (With the possible exception of
playing guess-the-NIC with very old versions of SmoothWall).

ClarkConnect isn't a true firewall (it tries to do too much), but is (IMHO)
a good compromise for a home user who wishes to run a small website on their
connection. It gets a bit "fun" if you try and configure it to forward FTP
elsewhere, though ;o)

H1K

Hairy One Kenobi

"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
newsi9Mb.801$:

> "Rowdy Yates" <> wrote in message
> news:Xns946CBF86A5EADrowdyyatesnospamlyco@66.185.9 5.104...
>> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
>> news:irZLb.472$:
>>
>> > "Dazz" <> wrote in message
>> > news:...
>> >> On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
>> >> <spammers-must-> wrote:
>
> <snip>
>
>> >> There's quite a few security distro's based on linux out there
>> >> that might make your life a little bit easier.
>> >>
>> >> Check out the following sites:
>> >>
>> >> http://www.smoothwall.org - Smoothwall.
>> >> http://www.ipcop.org - IPCop (a Smoothwall derivative).
>> >>
>> >> There's quite a few others out there, but Smoothwall is one of the
>> >> best.
>> >
>> > If you want more than a pure firewall (Apache etc) than I've also
>> > used ClarkConnect - it also helped that this was (at the time)
>> > based on the shipping version of RH Linux, rather than the much
>> > older version that SmoothWall was using (no support for my
>> > particular NICs).
>> >
>> > One of the safer ways to learn is to setup a box in your DMZ, and
>> > play with that..
>> >
>>
>> there are linux distro's that are specifically geared towards
>> firewall security. check out "distowatch" for a listing.
>>
>> but as mentioned earlier, you want to be real good on linux if you
>> are going to use it as a security measure. you have to be able to
>> know how to go in and configure/edit config files.
>
> Erm.. quite. Like the ones listed above (!)
>
> TBH, neither SmoothWall of ClarkConnect requires more than a very
> basic knowledge of computers to get set up. (With the possible
> exception of playing guess-the-NIC with very old versions of
> SmoothWall).
>
> ClarkConnect isn't a true firewall (it tries to do too much), but is
> (IMHO) a good compromise for a home user who wishes to run a small
> website on their connection. It gets a bit "fun" if you try and
> configure it to forward FTP elsewhere, though ;o)
>
> H1K
>
>
>

point taken. still, you should be pretty good w/linux - to use it as an
enterprise firewall. you want to be able to go in there and do
cusomizatons without relying on ng's & opensource community to hold your
hand every step of the way.



--
Rowdy Yates
MCSE, Security+, Linux+
I am Against-TCPA
http://www.againsttcpa.com

Rowdy Yates

"Rowdy Yates" <> wrote in message
news:Xns946D62157CE5Frowdyyatesnospamlyco@66.185.9 5.104...
> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
> newsi9Mb.801$:
>
> > "Rowdy Yates" <> wrote in message
> > news:Xns946CBF86A5EADrowdyyatesnospamlyco@66.185.9 5.104...
> >> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
> >> news:irZLb.472$:
> >>
> >> > "Dazz" <> wrote in message
> >> > news:...
> >> >> On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
> >> >> <spammers-must-> wrote:
> >
> > <snip>
> >
> >> >> There's quite a few security distro's based on linux out there
> >> >> that might make your life a little bit easier.
> >> >>
> >> >> Check out the following sites:
> >> >>
> >> >> http://www.smoothwall.org - Smoothwall.
> >> >> http://www.ipcop.org - IPCop (a Smoothwall derivative).
> >> >>
> >> >> There's quite a few others out there, but Smoothwall is one of the
> >> >> best.
> >> >
> >> > If you want more than a pure firewall (Apache etc) than I've also
> >> > used ClarkConnect - it also helped that this was (at the time)
> >> > based on the shipping version of RH Linux, rather than the much
> >> > older version that SmoothWall was using (no support for my
> >> > particular NICs).
> >> >
> >> > One of the safer ways to learn is to setup a box in your DMZ, and
> >> > play with that..
> >> >
> >>
> >> there are linux distro's that are specifically geared towards
> >> firewall security. check out "distowatch" for a listing.
> >>
> >> but as mentioned earlier, you want to be real good on linux if you
> >> are going to use it as a security measure. you have to be able to
> >> know how to go in and configure/edit config files.
> >
> > Erm.. quite. Like the ones listed above (!)
> >
> > TBH, neither SmoothWall of ClarkConnect requires more than a very
> > basic knowledge of computers to get set up. (With the possible
> > exception of playing guess-the-NIC with very old versions of
> > SmoothWall).
> >
> > ClarkConnect isn't a true firewall (it tries to do too much), but is
> > (IMHO) a good compromise for a home user who wishes to run a small
> > website on their connection. It gets a bit "fun" if you try and
> > configure it to forward FTP elsewhere, though ;o)

> point taken. still, you should be pretty good w/linux - to use it as an
> enterprise firewall. you want to be able to go in there and do
> cusomizatons without relying on ng's & opensource community to hold your
> hand every step of the way.

Sorry - loggerheads time ;o)

The main technical challenge I found with ClarkConnect (not necessarily
something one would use an an Enterprise firewall/server, unless we're
talking TNG's Mr. Data ;o) was inserting the CD the right way up.

Given /that/ it's not exactly difficult to install. Like most similar
distros, it either "just happens" or you get to duplicate the "ducks look
serene from above the waterline" view of life ;o)

(For those people about to claim a convert: Linux wobbles just as well as it
rocks. Ditto Windows, and any form of *nix that I've come across. Even VMS
and mainframe stuff, if one "pushes" hard enough.

As goes relative vulnerabilities - when was the last time *you* debugged a
HAL-9000? ;o)

H1K

P.S. I /did/ get the CD the right way up.. ;o)

P.P.S. Kudos to the guy/gal that remembers the AE-35 component in Linux -
came across it years back, can't remember!

Hairy One Kenobi

On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
<spammers-must-> wrote:

>Whch Linux REh Hat etc.
>
>Is the easier to configure for security purposes (I'm new to Linux)?
>
>What other proggies that are not supplied with the install may be
>needed.?
>
>The Linux box will connect to B-Band & the Windows to it.

Any of the major distros will do - the most user-friendly ones are
Mandrake, Lycoris and Xandros - the latter two because they try to
make their desktop look like Windows a bit.

For security, look into Guarddog and Bastille Linux - the former is a
front-end to setting up the built-in Linux firewall, the latter is a
set of scripts that helps lock down Linux while informing you about
why and how it should be locked down.

Guarddog is here http://www.simonzone.com/software/guarddog/

Bastille Linux is here http://www.bastille-linux.org/


--
Richard Steven Hack
"Whatever does not kill me makes me stronger" -
and YOU have not killed me!

Richard Steven Hack

"Richard Steven Hack" <> wrote in message
news:...
> On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
> <spammers-must-> wrote:
>
> >Whch Linux REh Hat etc.
> >
> >Is the easier to configure for security purposes (I'm new to Linux)?
> >
> >What other proggies that are not supplied with the install may be
> >needed.?
> >
To really lock down your system see Mastiff, www.crbn.com for a free trail
that supports up to 3 systems. Give your files total protection from
hackers, terrorists, industrial spies and even government intelligence
agencies.

Ben

elsid

On Mon, 12 Jan 2004 08:24:43 -0800, "elsid" <> wrote:

>To really lock down your system see Mastiff, www.crbn.com for a free trail
>that supports up to 3 systems. Give your files total protection from
>hackers, terrorists, industrial spies and even government intelligence
>agencies.

Just looking at that Web site makes me suspicious. A quick Google
shows this software has been spammed all over the place but does not
appear to have reviewed by any recognized security organization. They
even have a Freshmeat page put up by the same handle used to place the
ads all over the place, one "elsid".

And nothing is going to keep the NSA out of your system if they want
in, if they have to black-bag you.

This rings like really fraudulent spam crap.

Until someone competent reviews this stuff - which claims to be able
to override even "super-user privileges" - which sounds like bullshit
to me - I wouldn't touch this thing with a ten-foot pole.


--
Richard Steven Hack
"Whatever does not kill me makes me stronger" -
and YOU have not killed me!

Richard Steven Hack