I have to admit having worked with debian-edu on a test system for about 2
months, I really love it!
As I begin to expand the test system into what will finally be duplicated into
a small high school I would appreciate suggestions / advice on a few things:
Currently network setup is simply Tjener with one ethernet port attached to
switch; Thin clients, workstations, network printer and wireless N ap also
attached to switch. Switch goes to router. Router also has wireless G and phone
adapter.
Router connects external port 443 to port 22 for SSH access.
Also, considering enabling DMZ on router for a thincomputer running SNORT on
the external network for intrusion detection.
Needs: Public web server, external email and running programs over vpn or other
secure link, off-site web access to email and files and of course security!
Possibilities:
1. Use Tjener as public webserver, add various webb apps and features as needed
and deal with configuration and security issues that multiply as the number of
web apps increase.
2. Use a separate thin computer as a tthpd webserver (adding a second hub
outside the firewall) and moving the SNORT ids outside with the webserver.
3. Use KVM on Tjener to set up a public webserver (using second nic in Tjener
instead of bridging?). Use managed virtual server such as Amahi to add
additional web features.
4. Change skolelinux kernel to Proxmox kernel and OpenVZ and various Proxmox
appliances to add functionality.
I guess my questions come down to:
1. Security recommendations? Does adding virtualization to skolelinux add to
security?
I realize this is a big question; Any experience or recommendations appreciated.
Thanks,
David
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
