
| Subject: | Security, Distributed firewalling application...long ;-) |
|---|---|
| Date: | Tue, 29 Nov 2005 18:03:17 +0530 |
List:

We are a small company with a (very short) shoe-string budget running CentOS 4.2. I am a newbie sys-admin and am planning to secure the network as follows. Please comment on the design and, if known, suggest a GUI & policy based ruleset generator that can additionally (preferably rsync the ruleset over ssh) to the target machine & reset the ruleset.

WAN: A DSL link firewalled by an IPtables firewall, currently running IPcop on this...may shift to monowall or pfsense..or maybe add additional rulesets to the IPcop box itself. ssh, http, pop3, imap, smtp redirected to internal IP space (192.168.). DMZ server running web-apps and is the vulnerable target.

DMZ: Want to close all ports (in/out) on the DMZ server except for the above services, with logging of all attempts from inside the LAN or outside.

LAN: 4 servers running various services according to their jobs. Want to explicitly close all ports (in/out) except the required ones, with logging of all attempts.

Other things to be done:

1. Running an IDS on the local network (Snort).
2. Block all outgoing mail except from the official mailserver & running anti-spam & antivirus on all in/out mails, with a copy of all logged for archival/forensics purposes.
3. Block all outgoing ports except as required and log all attempts to connect to blocked ports from inside or outside.
4. Install an application to get all iptables logs from all servers, including the perimeter firewall, into a database.
5. Get data from the perimeter IDS & LAN IDS into the database.
6. Extrapolate the database on a regular basis for re-evaluation.

Comments are invited on the above. Also suggestions of open source & free projects that can help me deploy the policy based firewalling and all the above.

Why do I need a GUI & policy based framework for implementing my firewalls, when my requirements are static? Well, I may need to add an additional role to a server on the LAN, if any other server fails. In fact, I intend to keep the services prepared on alternate servers, only not deploy them redundantly. Secondly, never know when needs change, and something that is easily configured and deployed would adapt better.

Also, I have a question that needs an answer. How do I allow IMs like yahoo, msn, icq and transparently proxying & logging all business chats...staff will be aware from IT policy that all email/IM are recorded. We plan to run a Jabber server for Enterprise IM, but how to control the IMs?

Please critique..bang my head on floor & caution on the drawbacks of the approach...advise...provide links/learning resources...share experiences...and help me get it right.

With best regards.
Sanjay.
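
The policy-driven approach asked about above, sketched as an added example that is not part of the original post or of any project it names: each host gets a list of roles, and a default-deny, log-before-drop ruleset in `iptables-restore` format is generated from them, so handing a failed server's role to another host is a one-line change. The service list follows the post; the role names, host names and the `ruleset` function are assumptions made for illustration.

```python
# Added example: role-based policy -> iptables-restore ruleset (default deny, log drops).
# Service list follows the post; role and host names are constructed for illustration.
SERVICES = {  # service -> (protocol, destination port)
    "ssh": ("tcp", 22), "smtp": ("tcp", 25), "http": ("tcp", 80),
    "pop3": ("tcp", 110), "imap": ("tcp", 143),
}
ROLES = {  # role -> services accepted inbound / allowed to be initiated outbound
    "dmz-web":    {"in": ["ssh", "http", "pop3", "imap", "smtp"], "out": []},
    "mailserver": {"in": ["ssh", "smtp", "pop3", "imap"], "out": ["smtp"]},
    "fileserver": {"in": ["ssh"], "out": []},
}
HOSTS = {"dmz1": ["dmz-web"], "lan-mail": ["mailserver"], "lan-files": ["fileserver"]}


def ruleset(host, roles):
    """Return iptables-restore text for `host` carrying the given roles."""
    allowed = {"in": set(), "out": set()}
    for role in roles:
        for direction in allowed:
            allowed[direction].update(ROLES[role][direction])
    # Policy DROP on every chain: anything not listed below is closed.
    lines = ["*filter", ":INPUT DROP [0:0]", ":FORWARD DROP [0:0]", ":OUTPUT DROP [0:0]"]
    for chain, direction, iface in (("INPUT", "in", "-i"), ("OUTPUT", "out", "-o")):
        lines.append(f"-A {chain} {iface} lo -j ACCEPT")
        # Replies to permitted connections pass; only NEW connections are policy-checked.
        lines.append(f"-A {chain} -m state --state ESTABLISHED,RELATED -j ACCEPT")
        for svc in sorted(allowed[direction]):
            proto, port = SERVICES[svc]
            lines.append(f"-A {chain} -p {proto} -m {proto} --dport {port} "
                         "-m state --state NEW -j ACCEPT")
        # Last rule in the chain: log whatever is about to hit the DROP policy.
        lines.append(f'-A {chain} -j LOG --log-prefix "{host}-{chain}-DROP: "')
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for host, roles in HOSTS.items():
        print(f"# ---- {host} ----")
        print(ruleset(host, roles), end="")
    # Failover: lan-files temporarily takes over the mailserver role.
    print(ruleset("lan-files", HOSTS["lan-files"] + ["mailserver"]), end="")
```

The generated text is what `iptables-restore` reads on the target host. The constructed roles list no outbound DNS or NTP; a working policy would add those as services in the same tables.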