Date: Sat, 16 Jun 2001 10:59:45 -0700 From: "Dave Atkins" <dave@atkinshome.com> To: <freebsd-questions@FreeBSD.ORG> Subject: a single resource for small network basic security considerations Message-ID: <000701c0f68e$20cdefd0$0300a8c0@dave>
next in thread | raw e-mail | index | archive | help
Sorry, I should stop posting before people start telling me to RTFM...but
this list is the most helpful resource I have been able to find.
Is there a good online resource which goes into step-by-step detail about
how to set up and protect a small network--for example for a small startup
company?
I have found tons of information, scattered all over the place, but no good
single resource.
Here is the outline for what I believe would be the topics needed. I don't
expect people to answer these questions on this list, but if you have good
links and send them to me (dave@atkinshome.com), I will compose a
comprehensive article and repost it--or at least a link to a url. My
question for this list is whether someone else has already done this?
1) basic network architecture
how to set up a firewall machine
how to enable NAT including real IP to private IP aliasing
how to use ifpw to write rules that provide best security - and the
consequences of each rule
how to set up dhcp to provide addressing for the internal network and how
to deal with static ips
how to lock down the firewall machine by disabling vulnerable services and
setting system security
how can I monitor attempted intrusions?
2) enabling the internal network
Mail: what is most secure smtp strategy? (and howto do it)
bastion host outside firewall relaying to internal mail server or just
open a port to the internal server?
how do I prevent my mail server from becoming a spam relay?
latest sendmail config tweaks?
server configuration/security above and beyond packet filtering
covered above?
DNS configuration
I run my own DNS...should I poke a hole in the firewall or protect my
servers as best I can and leave them outside the firewall?
How do I handle DNS for the internal network, given that I have these
external DNS servers going too?
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000701c0f68e$20cdefd0$0300a8c0>