From owner-freebsd-questions@FreeBSD.ORG  Wed May 10 13:17:41 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 42C7716A407
	for <freebsd-questions@freebsd.org>;
	Wed, 10 May 2006 13:17:41 +0000 (UTC)
	(envelope-from stapleton.41@gmail.com)
Received: from wx-out-0102.google.com (wx-out-0102.google.com [66.249.82.192])
	by mx1.FreeBSD.org (Postfix) with ESMTP id F1ABB43D72
	for <freebsd-questions@freebsd.org>;
	Wed, 10 May 2006 13:17:31 +0000 (GMT)
	(envelope-from stapleton.41@gmail.com)
Received: by wx-out-0102.google.com with SMTP id t13so1217108wxc
	for <freebsd-questions@freebsd.org>;
	Wed, 10 May 2006 06:17:31 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
	b=UcKofESSzosHk09S5ZT+xD7pAamRGXsYGAipZcx1CJBN/EQPsR7ItU/erBoxWhiMXsU5BvzkVUEk/cfRLEnGr2MkKTJaU8MHVkmAJfpRPIk7Sxt+56fJtWgvkbPL8hYqqScgHkZcRrbroG/86brRHNOvSnIVdzJWzHKJBeLFJG4=
Received: by 10.70.109.20 with SMTP id h20mr402083wxc;
	Wed, 10 May 2006 06:17:30 -0700 (PDT)
Received: by 10.70.76.10 with HTTP; Wed, 10 May 2006 06:17:30 -0700 (PDT)
Message-ID: <80f4f2b20605100617t3adfc57brc213c8571288727f@mail.gmail.com>
Date: Wed, 10 May 2006 09:17:30 -0400
From: "Jim Stapleton" <stapleton.41@gmail.com>
To: freebsd-questions@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Subject: securing beyond the handbook
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 10 May 2006 13:17:42 -0000

I'm about to get a static IP and direct outside access for my BSD box
(before it was hidden behind a firewall/NAT). I was comfortable with
the level of security I've had, but with the whole "open to the
outside world" setup I'll have, what would you suggest for securing
it?

I'll be running:
Apache
PHP
MySQL
SSH/SFTP
OpenRPG (only occasionally, from a special nonpriv account)

Any suggestions, any of these that you know are such huge security
holes that you would absolutely demand something else be run?

Any other security suggestions?

Thanks,
-Jim