>What are some of the security issues with IP masquerade?
>How secure is information on the local LAN (behind the IP-masq box)?
IP Masq is only a network address translation system. Because of
this, it doesn't give the user any true security unless the user
implements a strong IPFWADM or IPCHAINS packet firewall ruleset.
One thing that IP Masq does give you in its stock form is the
inability for an Internet user to directly connect to a MASQed
computer. This is due to the fact that a MASQ computer can only
initiate traffic and not initially respond to requests. Please
keep in mind that this is NOT any form of REAL security.
>Is it true that the only machine at risk is the IP-masquerade box
>itself?
Initially, yes. But if the hacker breaks into the MASQ box.. your
whole LAN is now hackable. TCPDump is the hacker's friend.
>What are some of the settings / methods to best protect my environment,
>both the Masquerade box and resources behind it?
I have gone into detail about Physical, CMOS, Linux OS, and IPFWADM
security recommendations in the TrinityOS doc.
http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html
>How can I check to see if someone is trying to gain / or has gained access?
Re-compile the kernel with Firewall Logging and then implement a strong
IPFWADM and/or IPCHAINS ruleset with logging enabled. Again.. this is all
in TrinityOS and in addition, there are scripts in there to email you
reports once a night.
--David
.----------------------------------------------------------------------------.
| David A. Ranch - Remote Access/Linux/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
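
The nightly firewall report mentioned in the reply above, sketched as an added example (not part of the original message and not the TrinityOS scripts): it parses the "Packet log:" lines the kernel writes for ipchains rules that log with `-l`, in the format given in the IPCHAINS-HOWTO, and flags sources that were blocked on several different ports. The hostname `masq`, the addresses and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter

# Line format written by the kernel for ipchains rules with logging (-l),
# as documented in the IPCHAINS-HOWTO; trailing fields (L=, S=, ...) are ignored.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)
BLOCKED = {"DENY", "REJECT"}

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Jan 12 03:14:07 masq kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.9:4021 198.51.100.2:23 L=44 S=0x00 I=5123 F=0x0000 T=52 -SYN (#4)
Jan 12 03:14:08 masq kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.9:4022 198.51.100.2:111 L=44 S=0x00 I=5124 F=0x0000 T=52 -SYN (#4)
Jan 12 03:14:09 masq kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.9:4023 198.51.100.2:139 L=44 S=0x00 I=5125 F=0x0000 T=52 -SYN (#4)
Jan 12 03:14:12 masq kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.9:4021 198.51.100.2:23 L=44 S=0x00 I=5126 F=0x0000 T=52 -SYN (#4)
Jan 12 04:02:51 masq kernel: Packet log: input REJECT ppp0 PROTO=17 192.0.2.77:1030 198.51.100.2:53 L=60 S=0x00 I=77 F=0x0000 T=60 (#6)
Jan 12 04:10:00 masq kernel: Packet log: input ACCEPT eth0 PROTO=6 192.168.0.5:1029 198.51.100.2:80 L=44 S=0x00 I=9 F=0x0000 T=64 -SYN (#2)
Jan 12 04:15:00 masq CRON[412]: nightly job started
"""

def summarize(text, threshold=3):
    """Count blocked packets per source; flag sources hitting >= threshold ports."""
    hits = Counter()
    ports = {}
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["action"] not in BLOCKED:
            continue  # not a firewall log line, or a logged ACCEPT
        hits[m["src"]] += 1
        ports.setdefault(m["src"], set()).add((int(m["proto"]), int(m["dport"])))
    suspects = sorted(s for s, p in ports.items() if len(p) >= threshold)
    return hits, ports, suspects

def report(text, threshold=3):
    """Build the plain-text body a nightly cron job could mail to the admin."""
    hits, ports, suspects = summarize(text, threshold)
    lines = ["Blocked packets by source:"]
    for src, n in hits.most_common():
        flag = "  <-- many ports" if src in suspects else ""
        lines.append(f"  {src:15} {n:4} packets, {len(ports[src])} ports{flag}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

A report like this only shows what the logging rules caught; traffic that a permissive rule accepts without `-l` never appears in it.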