From owner-freebsd-questions Fri Aug 10 2:30:52 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from web13304.mail.yahoo.com (web13304.mail.yahoo.com [216.136.175.40]) by hub.freebsd.org (Postfix) with SMTP id D3E1C37B401 for ; Fri, 10 Aug 2001 02:30:47 -0700 (PDT) (envelope-from sumirati@yahoo.de)
Message-ID: <20010810093047.98507.qmail@web13304.mail.yahoo.com>
Received: from [193.174.9.99] by web13304.mail.yahoo.com; Fri, 10 Aug 2001 11:30:47 CEST
Date: Fri, 10 Aug 2001 11:30:47 +0200 (CEST)
From: =?iso-8859-1?q?m=20p?=
Subject: Re: Help advice needed! ->Re: Yep-I been hacked!
To: Keith Spencer , crimsun@email.unc.edu
Cc: freebsd-questions@freebsd.org
In-Reply-To: <20010809225243.35195.qmail@web12007.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

--- Keith Spencer wrote:
> Hi Marc and all
> I am grateful to all for the feedback. These cracking
> idiots are a pain and waste my valuable time!

Like the time of everyone else.

> Some advice please. What if I....
> * Build a separate firewall machine (I have one to
> use) which is only that using IPFW.

Building a hardened bridging/routing host for the borders of your network(s) is always a good idea.

> * Have my existing dns/web/mail/ftp/router on a
> separate machine with dual network cards...one
> attached to the Lan and one attached to the firewall
> computer.

The concept that most people are using today is named "Bastion Host". That means a host (or bundle of machines) that is doing proxying (not allowing / controlling which content/service can be accessed), packet filtering (blocking unwanted connections to ports where people don't have to go), reporting tools (so that you know what's going on) .. and much more. This concept is called "Firewall".
So perhaps you want to install more than only a packet filter (that is what IPFW is - an IP firewall). Try squid for example, or another proxy you heard about / have knowledge about. And try the FWTK (Firewall Tool Kit from tis.org - classic but good).

Take the machine you don't need at the moment and put _three_ NICs into it (if you don't have enough, take one from your "all-purpose server"). One NIC will go to the outside, one to the inside and the third will _only_ go to your "all-purpose server".

Then take a look at daemonnews where an article was posted:
http://www.daemonnews.org/200103/firewall.html

Or other articles like these:
http://www.daemonnews.org/200108/security_overview.html
http://www.daemonnews.org/200108/security-howto.html

They will give you an idea - and you have to _think_ about security. Every time.

>
> OR
> simply setup IPFW on the existing router
>

With a web-/mail-/dns-/ftp-server on it? Think again. If you think "yes" go back two sentences. :)

>
> With option 1, how do I disable or restrict all
> compilers and ability to run scripts etc or whatever I
> need??

Don't install any compiler. If some are installed, delete/remove them, or move them to a directory and burn this to CD-R so that you can access them if you need them. You may want to look up login.conf for some parameters (e.g. how many processes can be run in parallel). (It will be in the user's home directory)

> I presume I need to include rules to allow mail web
> etc requests to pass. The Freebsd docs has a section
> on firewalls, will this be a sufficient set to let my
> standard services run..e.g. mail to get out & in and
> http requests in from the world to apache?

Whether this procedure will be sufficient depends on what data you need to save. Private data? Or a whole company's? How much data lies on these outside components? Read the articles above and perhaps buy the book "Building Internet Firewalls" from Chapman / Zwicky and others - the classic one. Then develop your own rules.

Just my two cents

Marc
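
The three-NIC layout described in the reply above, written out as an ipfw ruleset. This is an added example, not part of the original message: the interface names, the addresses (documentation ranges, routed without NAT) and the choice of published services are assumptions, and FTP is left out because its data connections need a proxy rather than a port rule.

```sh
#!/bin/sh
# Added example: ipfw rules for a three-NIC firewall host.
# Interface names and addresses are assumptions; replace them with your own.
OUT_IF="fxp0"              # NIC to the outside (assumed name)
IN_IF="fxp1"               # NIC to the LAN (assumed name)
LAN_NET="198.51.100.0/24"  # LAN behind IN_IF (assumed range)
SRV="192.0.2.10"           # all-purpose server, alone on the third NIC
IPFW="${IPFW:-echo ipfw}"  # prints the commands; set IPFW="ipfw -q" to load

gen_rules() {
    n=100
    # Emit one numbered rule and step the rule number by 100.
    rule() { $IPFW add "$n" "$@"; n=$((n + 100)); }

    rule allow ip from any to any via lo0
    # Anti-spoofing: inside addresses must never arrive from the outside.
    rule deny log ip from "$LAN_NET" to any in recv "$OUT_IF"
    rule deny log ip from "$SRV" to any in recv "$OUT_IF"
    # Packets of connections already accepted by a keep-state rule below.
    rule check-state
    # A compromised server must not open connections into the LAN.
    rule deny log ip from "$SRV" to "$LAN_NET"
    # Anyone -> server: mail, DNS and web only.
    for port in 25 53 80; do
        rule allow tcp from any to "$SRV" "$port" setup keep-state
    done
    rule allow udp from any to "$SRV" 53 keep-state
    # Server -> world: outgoing mail and DNS lookups only.
    rule allow tcp from "$SRV" to any 25,53 setup keep-state
    rule allow udp from "$SRV" to any 53 keep-state
    # LAN -> anywhere, but only connections started from the LAN side.
    rule allow ip from "$LAN_NET" to any in recv "$IN_IF" keep-state
    # ICMP errors (unreachable, time exceeded) so path MTU discovery works.
    rule allow icmp from any to any icmptypes 3,11
    # Everything else is dropped and logged.
    rule deny log ip from any to any
}

gen_rules
```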