Date: Sat, 16 Jun 2001 14:19:03 -0400 From: Bill Moran <wmoran@iowna.com> To: Dave Atkins <dave@atkinshome.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: a single resource for small network basic security considerations Message-ID: <3B2BA317.FC3B8A57@iowna.com> References: <000701c0f68e$20cdefd0$0300a8c0@dave>
next in thread | previous in thread | raw e-mail | index | archive | help
Here are a few of the resources I use: 1. man pages for IPFW, natd. 2. FreeBSD handbook 3. www.freebsddiary.org 4. www.mostgraveconcern.com/freebsd/ Dave Atkins wrote: > > Sorry, I should stop posting before people start telling me to RTFM...but > this list is the most helpful resource I have been able to find. > > Is there a good online resource which goes into step-by-step detail about > how to set up and protect a small network--for example for a small startup > company? > > I have found tons of information, scattered all over the place, but no good > single resource. > > Here is the outline for what I believe would be the topics needed. I don't > expect people to answer these questions on this list, but if you have good > links and send them to me (dave@atkinshome.com), I will compose a > comprehensive article and repost it--or at least a link to a url. My > question for this list is whether someone else has already done this? > > 1) basic network architecture > how to set up a firewall machine > how to enable NAT including real IP to private IP aliasing > how to use ifpw to write rules that provide best security - and the > consequences of each rule > how to set up dhcp to provide addressing for the internal network and how > to deal with static ips > how to lock down the firewall machine by disabling vulnerable services and > setting system security > how can I monitor attempted intrusions? > > 2) enabling the internal network > Mail: what is most secure smtp strategy? (and howto do it) > bastion host outside firewall relaying to internal mail server or just > open a port to the internal server? > how do I prevent my mail server from becoming a spam relay? > latest sendmail config tweaks? > server configuration/security above and beyond packet filtering > covered above? > DNS configuration > I run my own DNS...should I poke a hole in the firewall or protect my > servers as best I can and leave them outside the firewall? > How do I handle DNS for the internal network, given that I have these > external DNS servers going too? > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message -- If a bird in the hand is worth two in the bush, then what can I get for two hands in the bush? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B2BA317.FC3B8A57>