From owner-freebsd-questions@FreeBSD.ORG Thu May 11 03:22:40 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E288116A400 for ; Thu, 11 May 2006 03:22:40 +0000 (UTC) (envelope-from stapleton.41@gmail.com) Received: from wx-out-0102.google.com (wx-out-0102.google.com [66.249.82.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6D27843D45 for ; Thu, 11 May 2006 03:22:40 +0000 (GMT) (envelope-from stapleton.41@gmail.com) Received: by wx-out-0102.google.com with SMTP id t13so62127wxc for ; Wed, 10 May 2006 20:22:39 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=mK3Yjg9CxyXTmatOsfqpJwD8I8bq2VxAp7WhyN3SLzUwZObU8Wth0FCMbVwGaP8DVW3eHQ4qwBUGCy/dNqc4IMhl3EdMUetlb7hQO/U4+TxbxnSDVZyCHyHd1ju5XaFzwx4EmOE+RRm89+ETDEvTD3JS3wBp33a7IAhwpIF2I48= Received: by 10.70.99.17 with SMTP id w17mr493185wxb; Wed, 10 May 2006 20:22:39 -0700 (PDT) Received: by 10.70.76.10 with HTTP; Wed, 10 May 2006 20:22:39 -0700 (PDT) Message-ID: <80f4f2b20605102022m52ad9b27jd27903e7997fa782@mail.gmail.com> Date: Wed, 10 May 2006 23:22:39 -0400 From: "Jim Stapleton" To: freebsd-questions@freebsd.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <80f4f2b20605100617t3adfc57brc213c8571288727f@mail.gmail.com> Subject: Re: securing beyond the handbook X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 May 2006 03:22:41 -0000 Rephrase: I have 5 static IPs currently 1 is being used to "power" the NAT for all the machines inside the network, the other 4 are empty. I'm getting one of those 4 remaining, and having it point directly to my BSD machine. On 5/10/06, fbsd wrote: > There is no difference between a dynamic and static ip > address from the point of the firewall. > > If you felt secure before, then getting a static ip > address will have no effect on that. > > -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Jim > Stapleton > Sent: Wednesday, May 10, 2006 9:18 AM > To: freebsd-questions@freebsd.org > Subject: securing beyond the handbook > > > I'm about to get a static IP and direct outside access for my BSD > box > (before it was hidden behind a firewall/NAT). I was comfortable with > the level of security I've had, but with the whole "open to the > outside world" setup I'll have, what would you suggest for securing > it? > > I'll be running: > Apache > PHP > MySQL > SSH/SFTP > OpenRPG (only occasionally, from a special nonpriv account) > > Any suggestions, any of these that you know are such huge security > holes that you would absolutely demand something else be run? > > Any other security suggestions? > > Thanks, > -Jim > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > >