From owner-freebsd-questions Sat Jun 16 10:55:27 2001 Delivered-To: freebsd-questions@freebsd.org Received: from kekaha.atkinshome.com (kekaha.atkinshome.com [64.121.139.69]) by hub.freebsd.org (Postfix) with ESMTP id DAFA537B406 for ; Sat, 16 Jun 2001 10:55:05 -0700 (PDT) (envelope-from dave@atkinshome.com) Received: from dave (jen.atkinshome.com [64.121.139.68]) by kekaha.atkinshome.com (8.9.3/8.9.3) with SMTP id KAA07249 for ; Sat, 16 Jun 2001 10:42:13 -0700 From: "Dave Atkins" To: Subject: a single resource for small network basic security considerations Date: Sat, 16 Jun 2001 10:59:45 -0700 Message-ID: <000701c0f68e$20cdefd0$0300a8c0@dave> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Sorry, I should stop posting before people start telling me to RTFM...but this list is the most helpful resource I have been able to find. Is there a good online resource which goes into step-by-step detail about how to set up and protect a small network--for example for a small startup company? I have found tons of information, scattered all over the place, but no good single resource. Here is the outline for what I believe would be the topics needed. I don't expect people to answer these questions on this list, but if you have good links and send them to me (dave@atkinshome.com), I will compose a comprehensive article and repost it--or at least a link to a url. My question for this list is whether someone else has already done this? 1) basic network architecture how to set up a firewall machine how to enable NAT including real IP to private IP aliasing how to use ifpw to write rules that provide best security - and the consequences of each rule how to set up dhcp to provide addressing for the internal network and how to deal with static ips how to lock down the firewall machine by disabling vulnerable services and setting system security how can I monitor attempted intrusions? 2) enabling the internal network Mail: what is most secure smtp strategy? (and howto do it) bastion host outside firewall relaying to internal mail server or just open a port to the internal server? how do I prevent my mail server from becoming a spam relay? latest sendmail config tweaks? server configuration/security above and beyond packet filtering covered above? DNS configuration I run my own DNS...should I poke a hole in the firewall or protect my servers as best I can and leave them outside the firewall? How do I handle DNS for the internal network, given that I have these external DNS servers going too? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message