Security Basics mailing list archives

Re: big security questions the deny access guy return


From: Volker Kindermann <ml () ps102 de>
Date: Tue, 07 Dec 2004 10:00:01 +0100

Hi Carlos,


> About DNS: which BIND do you recommend and how can I protect it? I would like to install Snort to see if somebody is trying to attack my server. So should I use BIND 8 or BIND 9, and should I use a chrooted setup or not? What other security risks do I have to address?

Regarding DNS you should consider two things:

- Is it possible for you to switch from BIND to djbdns? The latter is more secure and simpler, but has a totally different "mindset". Configuration is different but easier. You should check whether the functionality of djbdns is sufficient for you.

- If you can't switch to djbdns, please take BIND 9. Do not use BIND 8. And of course you should chroot BIND.


> About mail: I was thinking of using Postfix in place of Sendmail. Is this a good idea?

Yes. Again, Postfix configuration is simpler, the program was written with security in mind and it performs very well. No negative experiences with Postfix here.


> For gathering mail I was thinking of Cyrus IMAP and authentication tools, but what would you recommend to me?

I wouldn't take Cyrus because of its proprietary mail storage format. I would stick to Dovecot or Courier-IMAP. Courier-IMAP has a companion webmail program called sqwebmail.


> Should I use Snort on every server or just one?

Depends on your infrastructure. Snort is a network intrusion detection tool, so it is important that it "sees" all network traffic. If you have the servers on a hub, put a Snort machine (sensor) on that hub.

Generally I wouldn't install Snort on any of the servers but on one or more sensor machines, with NICs in listening mode without IP addresses of their own. You only have to pay attention that the sensors really see all network traffic.


> Are iptables good enough?

If you are aware of its limits (only packet filtering, no application gateway), it's OK. You should consider taking a separate machine for firewalling, perhaps a non-Linux one (self-built or appliance). OpenBSD is very well suited for this purpose.


 -volker
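[Editor's added example, not part of Volker's message or of BIND itself: the "chroot BIND 9" advice above, spelled out as a shell script that lays out the jail directory and writes a hardened named.conf for an authoritative-only server. The chroot path, the example.com zone and the named user are assumptions for illustration; the script only prepares the tree and checks it, it does not start named.]

```shell
#!/bin/sh
# Added example (not from the original post): prepare a BIND 9 chroot
# skeleton and a hardened, authoritative-only named.conf, then sanity
# check it. Chroot root, zone name and service user are assumptions.
set -eu

make_bind_chroot() {
    root=$1
    # Directory layout as named will see it once started with -t "$root".
    mkdir -p "$root/etc" "$root/var/named" "$root/var/run" "$root/dev"

    # Device nodes needed inside the jail (random for query IDs, null for
    # discarded output). mknod needs root, so only attempt it when root;
    # a failure (e.g. a container without CAP_MKNOD) is reported, not fatal.
    if [ "$(id -u)" -eq 0 ] && [ ! -c "$root/dev/null" ]; then
        mknod -m 666 "$root/dev/null"   c 1 3 || echo "warning: mknod /dev/null failed" >&2
        mknod -m 644 "$root/dev/random" c 1 8 || echo "warning: mknod /dev/random failed" >&2
    fi
    # Timezone data so log timestamps inside the jail are correct.
    if [ -f /etc/localtime ]; then
        cp /etc/localtime "$root/etc/localtime"
    fi

    # NOTE: paths in named.conf are relative to the chroot, not the real root.
    cat > "$root/etc/named.conf" <<'EOF'
options {
    directory "/var/named";
    pid-file  "/var/run/named.pid";
    version   "none";             // do not advertise the BIND version
    recursion no;                 // authoritative only: never an open resolver
    allow-query    { any; };
    allow-transfer { none; };     // list your secondaries here instead of none
    allow-update   { none; };
};

zone "example.com" IN {           // assumed example zone
    type master;
    file "example.com.zone";
};
EOF
}

# Checks a practitioner runs before starting the jailed daemon.
# Returns 0 when the layout and the hardening options are in place.
check_bind_chroot() {
    root=$1
    for d in etc var/named var/run dev; do
        [ -d "$root/$d" ] || { echo "missing $root/$d" >&2; return 1; }
    done
    conf=$root/etc/named.conf
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    grep -q '^ *recursion no;'          "$conf" || { echo "recursion not disabled" >&2; return 1; }
    grep -q 'allow-transfer { none; }'  "$conf" || { echo "zone transfers not restricted" >&2; return 1; }
    grep -q 'version *"none";'          "$conf" || { echo "version string not hidden" >&2; return 1; }
    # BIND's own syntax checker, run the way named will read the file
    # (-t makes include paths resolve inside the jail; this needs root).
    if [ "$(id -u)" -eq 0 ] && command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf -t "$root" /etc/named.conf || return 1
    fi
    return 0
}

# Start line for the jailed daemon, dropping privileges to the named user
# (assumed to exist; not executed by this script):
#   named -t /var/named-chroot -u named -c /etc/named.conf
```

Usage: make_bind_chroot /var/named-chroot && check_bind_chroot /var/named-chroot. Remember that with -t every path named opens (zone files, pid file, log files) is interpreted inside the jail, so a zone file that lives in /var/named on the real system must be copied to /var/named-chroot/var/named.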


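[Editor's added example, not part of Volker's message: the "iptables is only packet filtering" point above, shown as a deny-by-default stateful ruleset in iptables-restore format for a server offering DNS, SMTP and IMAP, plus a check that it really is deny-by-default. The management network 192.0.2.0/24 and the service ports are assumptions for illustration; the script writes the rules to a file and never loads them, so it runs without root.]

```shell
#!/bin/sh
# Added example (not from the original post): generate a stateful,
# deny-by-default iptables ruleset for a DNS/SMTP/IMAP server and check
# it. Management network and ports are assumptions; nothing is loaded.
set -eu

write_ruleset() {
    out=$1
    mgmt_net=${2:-192.0.2.0/24}   # assumed admin network (RFC 5737 range)
    cat > "$out" <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# administration only from the management network
-A INPUT -p tcp --dport 22 -s $mgmt_net -m conntrack --ctstate NEW -j ACCEPT
# public services: DNS, SMTP, IMAP and IMAPS
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 143 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 993 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
# everything else falls through to the DROP policy; log a sample of it
-A INPUT -m limit --limit 10/min -j LOG --log-prefix "iptables-drop: " --log-level 4
COMMIT
EOF
}

# Returns 0 when the ruleset is deny-by-default and every ACCEPT for new
# traffic is tied to a port (i.e. no blanket ACCEPT slipped in).
check_ruleset() {
    f=$1
    grep -q '^:INPUT DROP'   "$f" || { echo "INPUT policy is not DROP" >&2; return 1; }
    grep -q '^:FORWARD DROP' "$f" || { echo "FORWARD policy is not DROP" >&2; return 1; }
    grep -q '^COMMIT$'       "$f" || { echo "missing COMMIT" >&2; return 1; }
    grep -q 'ctstate ESTABLISHED,RELATED -j ACCEPT' "$f" \
        || { echo "no stateful return-traffic rule" >&2; return 1; }
    # Any ACCEPT that is not loopback, conntrack return traffic, rate-limited
    # ping, or bound to a destination port is a blanket accept: reject it.
    if grep -- '-j ACCEPT' "$f" | grep -v -e '--dport' -e '-i lo' -e 'ESTABLISHED' -e 'icmp' | grep -q .; then
        echo "blanket ACCEPT rule found" >&2
        return 1
    fi
    return 0
}

# Lists the destination ports the ruleset opens, sorted and unique, so the
# exposed surface can be compared against what the server is meant to run.
allowed_ports() {
    sed -n 's/.*--dport \([0-9]*\).*/\1/p' "$1" | sort -un | xargs
}
```

Usage: write_ruleset /etc/iptables/rules.v4 && check_ruleset /etc/iptables/rules.v4, then iptables-restore --test /etc/iptables/rules.v4 as root before loading it for real. Note what this ruleset cannot do, which is Volker's point: port 25 being open means any SMTP conversation goes through, and port 53 rules say nothing about the DNS payload. Application-layer checks are the job of Postfix, BIND and a Snort sensor, not of the packet filter. For the sensor, the sniffing NIC is brought up without an address (ip link set dev eth1 up promisc on) and Snort is pointed at it (snort -i eth1), so the sensor itself is not addressable from the monitored segment.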