From owner-freebsd-questions  Tue Aug 28  7:24:53 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.bacxs.com (ubr-b-33.179.173.winterpark.cfl.rr.com [65.33.179.173])
	by hub.freebsd.org (Postfix) with ESMTP id 7DC2337B406
	for <questions@freebsd.org>; Tue, 28 Aug 2001 07:24:46 -0700 (PDT)
	(envelope-from mwoodson@bacxs.com)
Received: from efx.bacxs.com by mail.bacxs.com
	with SMTP (MDaemon.v3.5.3.R)
	for <questions@freebsd.org>; Tue, 28 Aug 2001 10:23:00 -0400
Message-Id: <5.1.0.14.0.20010828101902.026900a0@192.168.99.2>
X-Sender: mwoodson@192.168.99.2
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 28 Aug 2001 10:23:00 -0400
To: <questions@freebsd.org>
From: Mark Woodson <mwoodson@bacxs.com>
Subject: Re: Security !
In-Reply-To: <62d801c12fc9$e3edd0b0$0a05030a@internal.ramnet.gr>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Return-Path: mwoodson@bacxs.com
X-MDaemon-Deliver-To: questions@freebsd.org
Reply-To: mwoodson@bacxs.com
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

At 05:01 PM 8/28/2001 +0300, midiostri@in.gr wrote:
>Hi,
>
>I'm busy securing our LAN and I need to setup a freebsd 4.3 box that will 
>run as firewall and protect my vulnerable network from the internet chaos. 
>I also think of running NAT there too.
>
>There appear to be quite a lot of hackers and intruders in the wild and I 
>need to keep them out of my lan.
>
>I'd appreciate any suggestions or links/references to stuff that can help 
>me on this.

The first thing I could suggest would be to get yourself a good 
book.  "Building Internet Firewalls" published by O'Reilly is a good place 
to start.

Next you'll need to learn about Unix/BSD so that you can properly secure 
your box.

Then pick a filtering/NAT product.  I use IP Filter/NAT.

Then finally build your firewall.

>Also, are there any scripts that can be run periodically on a computer and 
>check if there are changes made to files ?

Tripwire, you'll find it in the ports collection.

/usr/ports/security/tripwire

Start with a good book on security and/or firewalls.

-Mark



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message