From owner-freebsd-questions@FreeBSD.ORG  Thu May 11 05:43:43 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BF89A16A405
	for <freebsd-questions@freebsd.org>;
	Thu, 11 May 2006 05:43:43 +0000 (UTC)
	(envelope-from dthomas53@gmail.com)
Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.176])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D35A043D46
	for <freebsd-questions@freebsd.org>;
	Thu, 11 May 2006 05:43:42 +0000 (GMT)
	(envelope-from dthomas53@gmail.com)
Received: by py-out-1112.google.com with SMTP id m51so129182pye
	for <freebsd-questions@freebsd.org>;
	Wed, 10 May 2006 22:43:42 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references;
	b=ZhkIbbMDEIPphAQyyPWxR8VwUKHlr3Tny11IEdI5yujScVlEILeCcCj9tyNeq+jh075oHVCi5GjodU/EtaM2nGaXXWYgHU0WSriC2rV58SSwt9Cafn2R6XKgyvDoLYFLFlj2l5ym5oMscfXG3LjLsQYISzKZxE1vFD35H3u2vBQ=
Received: by 10.35.91.15 with SMTP id t15mr616205pyl;
	Wed, 10 May 2006 22:43:42 -0700 (PDT)
Received: by 10.35.13.3 with HTTP; Wed, 10 May 2006 22:43:42 -0700 (PDT)
Message-ID: <f2c91f770605102243p7f436695o84ca19b4a15548d6@mail.gmail.com>
Date: Thu, 11 May 2006 01:43:42 -0400
From: "David Stanford" <dthomas53@gmail.com>
To: "Jim Stapleton" <stapleton.41@gmail.com>
In-Reply-To: <80f4f2b20605102022m52ad9b27jd27903e7997fa782@mail.gmail.com>
MIME-Version: 1.0
References: <80f4f2b20605100617t3adfc57brc213c8571288727f@mail.gmail.com>
	<MIEPLLIBMLEEABPDBIEGGEKCHGAA.fbsd@a1poweruser.com>
	<80f4f2b20605102022m52ad9b27jd27903e7997fa782@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: freebsd-questions@freebsd.org
Subject: Re: securing beyond the handbook
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 11 May 2006 05:43:43 -0000

Jim,

I'm currently reading Mastering FreeBSD and OpenBSD Security, and thus far
it is proving to be a fantastic book covering many advanced security topics
specifically related to BSD. I suggested you order a copy from
Amazon<http://www.amazon.com/gp/product/0596006268/qid=3D1147325988/sr=3D1-=
1/ref=3Dsr_1_1/102-5661269-0811354?s=3Dbooks&v=3Dglance&n=3D283155>;
it's well worth the time...

-David

On 5/10/06, Jim Stapleton <stapleton.41@gmail.com> wrote:
>
> Rephrase:
>
> I have 5 static IPs
> currently 1 is being used to "power" the NAT for all the machines
> inside the network, the other 4 are empty.
>
> I'm getting one of those 4 remaining, and having it point directly to
> my BSD machine.
>
>
>
> On 5/10/06, fbsd <fbsd@a1poweruser.com> wrote:
> > There is no difference between a dynamic and static ip
> > address from the point of the firewall.
> >
> > If you felt secure before, then getting a static ip
> > address will have no effect on that.
> >
> > -----Original Message-----
> > From: owner-freebsd-questions@freebsd.org
> > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Jim
> > Stapleton
> > Sent: Wednesday, May 10, 2006 9:18 AM
> > To: freebsd-questions@freebsd.org
> > Subject: securing beyond the handbook
> >
> >
> > I'm about to get a static IP and direct outside access for my BSD
> > box
> > (before it was hidden behind a firewall/NAT). I was comfortable with
> > the level of security I've had, but with the whole "open to the
> > outside world" setup I'll have, what would you suggest for securing
> > it?
> >
> > I'll be running:
> > Apache
> > PHP
> > MySQL
> > SSH/SFTP
> > OpenRPG (only occasionally, from a special nonpriv account)
> >
> > Any suggestions, any of these that you know are such huge security
> > holes that you would absolutely demand something else be run?
> >
> > Any other security suggestions?
> >
> > Thanks,
> > -Jim
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org"
> >
> >
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe@freebsd.org"
>