This isn't my expertise so don't hold me to this, but I can't think of a more secure way to separate services.
The biggest security concern of mine is the FTP server, so if you have to combine services, try to not combine anything with FTP. If you really want to learn security, check out: Maximum Linux Security (US$34.99) by John Ray, Anonymous http://www.amazon.com/exec/obidos/ASIN/0672321343/ These guys cover everything from the way you should set up partitions, to securing services, to intrusion detection, to gathering evidence after a breach. Joseph Wagner -----Original Message----- From: Patrick Beart [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 14, 2002 12:01 AM To: [EMAIL PROTECTED] Subject: Security: Separation of Services Folks: I'm new to Linux. I've been using it for a year or so, but have relied upon (questionable) GUI's for most of that time. Now I'm dedicating myself to really LEARNING this stuff - with the help of a network admin friend. Here's the question: My company provides Web site hosting services for about 2 dozen (Web site development) clients. I've just purchased my 3rd (1U) server for my colo space. All services (HTTP, SMTP, POP, FTP, etc.) have previously been allocated to just the one server. The second server was for backup or (occasionally) Anonymous FTP for large files. I'm trying to determine the best arrangement of services for each box. Here's my fantasy as to separation of services for highest security: Box #1 -- Web (HTTP) and Primary DNS Box #2 -- Mail (POP3) and Secondary DNS Box #3 -- Backup (or occasional Anonymous FTP) Any thoughts about this arrangement or suggestions for a better mix? Patrick Beart -- ------------------------------------------------ Web Architecture & "iWeb4Biz" 503-774-8280 Portland, OR Internet Consulting, Intelligent Web site Development & Secure site Hosting. http://www.WebArchitecture.com/ "This is an era when nonsense has become acceptable and sanity is controversial." - Thomas Sowell ------------------------------------------------ _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
