Date:      Thu, 9 Sep 1999 23:22:41 -0400 (EDT)
From:      "Brian Mitchell (ISSATL)" <bmitchel@iss.net>
To:        "James E. Housley" <jim@thehousleys.net>
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: A Challenge
Message-ID:  <Pine.BSF.4.10.9909092316300.25910-100000@egon.iss.net>
In-Reply-To: <37D87080.4D44E9C4@thehousleys.net>

> I have about 5 years experience with FreeBSD.  I am running it at home
> connected to a cable modem.  My server is fairly secure from the
> outside.  I periodically read and act upon the bulletins from CERT, etc.
> 
> The box is just going to be running NATD and IPFW, maybe DHCLIENT.

Some suggestions:

dump natd/ipfw, use ipf and ipnat instead so you can use keepstate (which
is very close to a stateful packet filter).

subscribe to bugtraq (http://www.securityfocus.com, it's somewhere in
there).

don't install X, or any other services not absolutely necessary for the
operation of the firewall. Administration should be (ideally) done at
console (no x!)

remove privileges of all executables that you don't require. Enable them on
a case by case basis, if they need to be used for the operation of the
firewall.
 
> Mr. NT has been told he can try and break-in, crash whatever this box
> from the internet side.
> 
> I am asking for links, pointers to make sure this is configured as
> secure/solid as possible.  I will be installing 3.3-STABLE over this
> weekend (9/11/1999).  I really want to make sure we win.

Might want to write chroot() wrappers around all network daemons too.



