Home page logo
/

basics logo Security Basics mailing list archives

Re: big security questions the deny access guy return
From: Volker Kindermann <ml () ps102 de>
Date: Tue, 07 Dec 2004 10:00:01 +0100

Hi Carlos,


about dns what bind do you recomend and how can i protect it i would like to install snort to see if somebody is trying to attack in my server so should i use bind 8 or bind 9 and should i use a chrooted schema or not? what other security risk do i have to address?

regarding dns you should consider two things:

- is it possible for you to switch from bind to djbdns? The later is more secure, simpler, but has a totally different "mindset". Configuration is different but easier. You should check if the functionality of djbdns is sufficient for you.

- if you can't switch to djbdns please take bind 9. Do not use bind 8. And of course you shoud chroot bind.


about mail i was thinking in using postfix in place of sendmail is this a good idea?

Yes. Again, postfix configuration is simpler, the program was written with security in mind and is very performant. No negativ experiences with postfix here.


for gathering mail i was thinking in cyrus-imap and authentication tools but what would recomend me?

I wouldn't take cyrus because of it's proprietary mail storage format. I would stick to dovecot or courier-imap. Courier-imap has a companion web mail program called sqwebmail.


should i use snor in every server or just one ?

Depends on your infrastructure. Snort is a network intrusion detection tool so it is important that it "sees" all network traffic. If you have the servers on a hub, put a snort machine (sensor) on that hub.

Generally I wouldn't install snort on any of the servers but on one or more sensor-machines with nics in listening mode without own ip-addresses. You should only attention that the sensors are really seeing all network-traffic.


iptables are good enough?

If you are aware of it's limits (only packet-filtering, no application gateway), it's ok. You should consider taking a separate machine for firewalling, perhaps a non-linux one (self-built or appliance). OpenBSD is very good suited for this purpose.


 -volker


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault