From owner-freebsd-questions Sat Jun 16 11:20:17 2001 Delivered-To: freebsd-questions@freebsd.org Received: from clmboh1-smtp3.columbus.rr.com (clmboh1-smtp3.columbus.rr.com [65.24.0.112]) by hub.freebsd.org (Postfix) with ESMTP id E7A0937B403 for ; Sat, 16 Jun 2001 11:19:55 -0700 (PDT) (envelope-from wmoran@iowna.com) Received: from iowna.com (dhcp065-024-023-038.columbus.rr.com [65.24.23.38]) by clmboh1-smtp3.columbus.rr.com (8.11.2/8.11.2) with ESMTP id f5GIGas23732; Sat, 16 Jun 2001 14:16:37 -0400 (EDT) Message-ID: <3B2BA317.FC3B8A57@iowna.com> Date: Sat, 16 Jun 2001 14:19:03 -0400 From: Bill Moran X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.3-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: Dave Atkins Cc: freebsd-questions@FreeBSD.ORG Subject: Re: a single resource for small network basic security considerations References: <000701c0f68e$20cdefd0$0300a8c0@dave> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Here are a few of the resources I use: 1. man pages for IPFW, natd. 2. FreeBSD handbook 3. www.freebsddiary.org 4. www.mostgraveconcern.com/freebsd/ Dave Atkins wrote: > > Sorry, I should stop posting before people start telling me to RTFM...but > this list is the most helpful resource I have been able to find. > > Is there a good online resource which goes into step-by-step detail about > how to set up and protect a small network--for example for a small startup > company? > > I have found tons of information, scattered all over the place, but no good > single resource. > > Here is the outline for what I believe would be the topics needed. I don't > expect people to answer these questions on this list, but if you have good > links and send them to me (dave@atkinshome.com), I will compose a > comprehensive article and repost it--or at least a link to a url. My > question for this list is whether someone else has already done this? > > 1) basic network architecture > how to set up a firewall machine > how to enable NAT including real IP to private IP aliasing > how to use ifpw to write rules that provide best security - and the > consequences of each rule > how to set up dhcp to provide addressing for the internal network and how > to deal with static ips > how to lock down the firewall machine by disabling vulnerable services and > setting system security > how can I monitor attempted intrusions? > > 2) enabling the internal network > Mail: what is most secure smtp strategy? (and howto do it) > bastion host outside firewall relaying to internal mail server or just > open a port to the internal server? > how do I prevent my mail server from becoming a spam relay? > latest sendmail config tweaks? > server configuration/security above and beyond packet filtering > covered above? > DNS configuration > I run my own DNS...should I poke a hole in the firewall or protect my > servers as best I can and leave them outside the firewall? > How do I handle DNS for the internal network, given that I have these > external DNS servers going too? > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message -- If a bird in the hand is worth two in the bush, then what can I get for two hands in the bush? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message