On Sat, 26 Aug 2000, Robert Friberg wrote:

> 
> Hi,
> 
> 
> I have a RH box as webserver on our corporate LAN,
> the LAN has a direct internet connection and the box is
> accessible from outside. We use samba for file access
> on the server, is this a bad setup security-wise?
> 
If you are using the default Samba config, it is.  You need to specify
the IP address range that can connect to this machine, and make sure you
block this range at your firewall.  (You are doing this already, right?)

A better setup is to use 2 NICs in this machine, and tell Samba to only
listen on the one that connects to your inside network.  Also, run IP
chains and block everything except access to your web server from the
NIC connected to the internet.  Compile a custom kernel without IP
forwarding, so that if your server does get cracked, it is harder to use
it to attack the rest of your network.  Strip out all unneeded programs
from the server, to make things as hard as possible for someone that does
crack it.

There are still risks doing it this way, but it is a risk to have a
server connected to the net.  As long as you know the risks, are willing
to accept them, and do what you can to limit the damage that can be
done...

Mikkel
-- 

    Do not meddle in the affairs of dragons,
 for you are crunchy and taste good with ketchup.



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
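
The Samba side of the advice in the reply above, as an added example that is not part of the original post: a small Python check of an smb.conf [global] section for the interface binding and address restriction it describes. The interface name eth1, the 192.168.1. range and both sample configs are constructed assumptions.

```python
import re

# Constructed sample: Samba left on its defaults, as in the question.
DEFAULT_CONF = "[global]\n   workgroup = CORP\n"

# Constructed sample of the setup described in the reply. eth1 and
# 192.168.1. are assumed names for the inside NIC and the LAN range.
HARDENED_CONF = """
[global]
   workgroup = CORP
   interfaces = eth1 127.0.0.1
   bind interfaces only = yes
   hosts allow = 192.168.1. 127.
   hosts deny = ALL
[web]
   path = /home/httpd/html
"""

def global_params(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def audit(text):
    """List findings for the Samba exposure points named in the reply."""
    p = global_params(text)
    bind_only = p.get("bindinterfacesonly", "no").lower() in ("yes", "true", "1")
    checks = [
        ("interfaces" in p, "no 'interfaces': Samba is not tied to the inside NIC"),
        (bind_only, "'bind interfaces only' is off: smbd listens on every NIC"),
        ("hostsallow" in p, "no 'hosts allow': any source address may connect"),
    ]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    for name, conf in (("default", DEFAULT_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "ok")
```

A clean result only covers Samba's own settings; the firewall rules, kernel and package stripping in the reply are outside what this check sees.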
