Re: [plug] Debian Pix

Thu, 27 May 2004 00:39:06 -0700 

On 5/27/2004 3:11 PM, Paolo Alexis Falcone wrote:

On Thu, 2004-05-27 at 13:47 +0800, Eric Noel wrote:


Thanks for the replies. im more concerned on the security aspect, ive done 3 nic firewall using shorewall for one company but its not a financial company. Currently, i have someone who wants to implement a comapny wide firewall using debian. My only concern if its really secure to use debian (specifically bf24 and a few binaries e.g shorewall) to protect the company. ive read somewhere of using selinux implementation, bastille, etc to really secure a distribution, but is this necessary wouldnt debian hold off intrusions etc? 


The setup i made a year ago was initially designed to protect some
pertinent information like tax records and the like.

That being said, by default, any Cisco appliance or Unix system would
need configurations to make it work to the desired environment. Debian
installs are usually very minimal, so you could just add up the
components you really need to make it apt for the task at hand - which
in this case is to be a firewall.

It's not anymore a question about the distribution to apply (I simply
don't subscribe to marketing hype of 'secure by default' :D), but rather
the processes done to make and keep it secure.



------------------------------------------------------------------------

--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie

So does this mean that if i put a debian box (just plaint bf24, console only, no additional package) in the Internet, it cannot defend itself against an attack? im just worried, coz i used before a bf24 debian, console only, remove any uneeded inetd services (e.g. discard, auth, time, etc), and installed shorewall for its fw module (open/forward port 80 only) that it cant defend itself from an attack or takeover.
--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie

Reply via email to