On Tue, 3 Aug 1999, Simon Martin wrote:

> Hi all,
>
> I have tendered for a few Internet/Intranet projects where I will be using
> Debian with Apache / sendmail / inn / etc to provide the necessary services.
> I have no problems with this, but I will also need to install a firewall,
> typical configuration (MZ, DMZ, World). I would like to use Debian here as
> well to keep everything on the same platform (do not read same host), but I
> come up against a distinct lack of knowledge, from a sales as well as a
> technical point of view:

You might consider subscribing to the Debian Security Mailing List. There are some plans to create a 'secure' Debian, but this won't happen too soon.

> 1) Comparison of Debian Vs Firewall-1
> My major competition here is Firewall-1. Anyone know of any comparison of
> features / robustness / weaknesses?

This is impossible: Firewall-1 is a fixed product, Debian is a distribution. The security of the Debian box will mainly depend on the knowledge of the person who configured it (if done by some knowledgeable person it should be almost as secure as a Firewall-1, but security is hard to compare). In many situations Debian will even be more secure (over here in Germany Firewall-1 sells with rather weak encryption (thanks to the US government) and a Debian system will easily outperform a Firewall-1 in terms of encryption strength).

> 2) VPN
> Is this available on Debian? Can I get the TCP/IP stack to encrypt / decrypt
> automatically? If so what encryption methods are available?

Yes, have a look at the FreeSwan project. The code installs easily and supports most of the common encryption types (but have a look at the licence! In the US some of the enc. algorithms are patented in the US).

>
> 3) Hacking
> I am no hacker, and I need to become one to test my installations. Anyone
> know of resources (official or clandestine) that could help me in this
> respect. This actually could become quite a little niche market as I am sure
> that down here very few people really have the knowledge to test / debug
> firewall performance.
> I know that this last request is a very sensitive issue indeed. If any
> further documentation is required to insure the legitimacy of my request
> then please feel free to e-mail me.

Trying to hack your own boxes is NOT a valid test of security. The only thing you test is your capability of hacking (i.e. if you can get in it only shows that you're not a good hacker, it tells you nothing about the quality of the system).

You need a LOT of experience to judge security, this is not a skill that can be learned from books. If your current project requires security, please do consult a security consultant. You are right, very few people have the necessary knowledge and there is a lot of money in this business, but it's also hard to keep up with the latest hacking techniques--definitely time-consuming.

If you need startup information, have a look at rootshell or bugtraq etc. But don't expect people to answer questions like 'How do I become a hacker'. Read up on all available material on the websites and study bug reports.

Ralf

Ralf Mattes                      | [EMAIL PROTECTED]
Programming, Administration      | [EMAIL PROTECTED]
Thomas Varadi Internet Service

