I don't use RedHat myself, so I can't help you on the RH-specific questions.
I'm not sure any one version of a distribution should be any more or less
secure than another, unless the vendor has dropped support and is not
issuing bug-fix RPMs anymore. The magnitude of the problem shouldn't be
all too great on a firewall anyhow, since you'll want a minimum install.
AFAIK, that involves removing quite a few RPMs after the initial
installation on RedHat systems. However, even in that case you can always
download the tarballs, compile and install them yourself.
Note, too, that there is a document online that's fairly good, called
"Securing and Optimizing Linux: RedHat Edition". I don't have a link handy,
but Google should be able to find it quickly.
> - Is Linux the best choice because of my familiarity with it or should I
> delve into unfamiliar territory with something like OpenBSD (or another
> flavor) because of better default security configuration?
>
Well, familiarity is definitely a big plus, though I sometimes question the
level of familiarity with their OS of a lot of Windows NT 'admins' I meet..
;-)
> Without starting a war, in each individual's opinion:
>
> - Is there an easy and/or more effective way to upgrade Redhat rpms
> than what I did above?
>
I suppose it's the easiest way and it'll help you avoid circling
cross-dependencies (RPM A needs RPM B needs RPM A...) that I've seen with
RedHat RPMs. What you probably want to do is verify that all the RPMs are
the ones you expect, so I suppose you'd need to 'rpm -qi' them and check the
versions.
> - What are some of the best ways to set up a VPN and what are some of
> the best open source packages for VPN to support Windows and UNIX clients?
>
Well, FreeS/WAN is the predominant IPSec implementation on Linux. There is
also a PPTP server, but that protocol is not viewed too highly by many. Note
that IPSec has problems with NAT.
> - Through VPN/or another method can I give PC and UNIX clients access to
> SMB and NFS file systems?
>
A VPN basically extends your network. You can transport anything TCP/IP over
a VPN, so yes, you can do NetBIOS over TCP/IP and NFS across a VPN, if you
want to.
> - I have only set up a previous NAT box and the current Bastille firewall
> using an external IP and a private internal network. I want to set up a
> firewall for a lab that contains machines with external IP addresses. How
> would I do that or am I better off to redo the internal network with a
> private IP range? What are the security implications of both alternatives?
>
I'm not sure I understand how they relate. Do you want the lab on the same
network as the internal one?
HTH
Tobias
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls