
Linux: Identify Gateway Machines

Special attention should be paid to gateway or firewall systems, as they usually control access to the services running on the entire network.
Such gateways should be identified, their function within the network should be assessed, and their owners or administrators should be identified. These hosts, often referred to as bastion hosts, are a prime target for an intruder. They should be some of the most fortified machines on the network.

Be sure to regularly review the current access policies and security of the system itself.

These systems should absolutely only be running the services necessary to perform their function. Your firewall should not be your mail server or web server, contain user accounts, etc. Some of the things you should check for, and absolutely fortify, on these hosts include:


  1. Turn off access to all but necessary services.

  2. Depending on the type of firewall, disable IP forwarding, preventing the system from routing packets unless explicitly instructed to do so.

  3. Update the machine by installing vendor patches immediately.

  4. Restrict network management utilities such as SNMP, including public communities and write access.

  5. Be sure the firewall policy includes mechanisms for preventing common attacks such as IP spoofing, fragmentation attacks, denial of service, etc.

  6. Monitor status very closely. You should develop a baseline of how the machine normally operates so that you can detect variations which may indicate an intrusion.

  7. Develop a comprehensive firewall model. Firewalls should be treated as a security system, not just a program that runs on a machine and has an access control list. Firewall administration should be centrally controlled and evaluation of firewall policies should be done prior to actual firewall deployment.
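
Several of the checks above (items 1, 2, 4, 5 and 6) can be scripted and run on a schedule. The following is an added example, not part of the original guide. It assumes net-snmp's `snmpd.conf` directive names, the `/etc/snmp/snmpd.conf` path, iproute2's `ss`, and a hypothetical allowlist of ports that you supply yourself.

```shell
#!/bin/sh
# Gateway hardening audit (added example, not from the original guide).
# Each check takes its input as an argument so it can read live or saved data.

# Item 2: IP forwarding should match what this type of firewall needs.
check_ip_forward() {   # $1 = file holding 0 or 1, $2 = expected value
    actual=$(cat "$1")
    if [ "$actual" = "$2" ]; then echo "OK ip_forward=$actual"
    else echo "FAIL ip_forward=$actual expected=$2"; fi
}

# Item 5: strict reverse-path filtering drops packets with spoofed sources.
# Simplification: only the "all" value is read; per-interface values also apply.
check_rp_filter() {    # $1 = file holding the rp_filter value (1 = strict)
    v=$(cat "$1")
    if [ "$v" = "1" ]; then echo "OK rp_filter=strict"
    else echo "FAIL rp_filter=$v"; fi
}

# Item 4: flag the "public" community and any write community in snmpd.conf.
check_snmp() {         # $1 = path to snmpd.conf
    awk '$1 ~ /^(rocommunity6?|rwcommunity6?)$/ {
             if ($1 ~ /^rw/) print "FAIL snmp write community: line " NR
             else if ($2 == "public") print "FAIL snmp public community: line " NR
         }' "$1"
}

# Items 1 and 6: compare listening TCP ports against the recorded baseline.
check_listeners() {    # stdin = `ss -Htln` output, $1 = space-separated allowed ports
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { p = $4; sub(/.*:/, "", p)
          if (!(p in ok) && !seen[p]++) print "FAIL unexpected listener on port " p }'
}

# Run every check against the live system (paths are assumptions, see above).
audit_gateway() {      # $1 = expected ip_forward, $2 = allowed ports
    check_ip_forward /proc/sys/net/ipv4/ip_forward "$1"
    check_rp_filter /proc/sys/net/ipv4/conf/all/rp_filter
    [ -r /etc/snmp/snmpd.conf ] && check_snmp /etc/snmp/snmpd.conf
    ss -Htln | check_listeners "$2"
}

if [ "${1:-}" = "--run" ]; then audit_gateway "${2:-1}" "${3:-22}"; fi
```

Invoke it as `sh audit.sh --run 1 "22"` on a routing firewall that should expose only SSH; any `FAIL` line is a deviation from the baseline worth investigating.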




Excerpt from the LinuxSecurity Administrator's Guide:
Written by: Dave Wreski (dave[at]guardiandigital.com)

[tags]linux, firewall, gateway[/tags]
