Annotated edit history of
SecurityServer version 5, including all changes.
View license author blame.
| Rev |
Author |
# |
Line |
| 1 |
CraigBox |
1 |
As part of the LinuxServer project, and more importantly as part of my job, I've been looking at configuring and setting up a "security server". |
| |
|
2 |
|
| |
|
3 |
!What |
| |
|
4 |
|
| |
|
5 |
SecurityServer = FireWall + VirtualPrivateNetwork Server + IntrusionDetection + .. whatever |
| |
|
6 |
|
| |
|
7 |
!Why |
| |
|
8 |
|
| |
|
9 |
Small to medium businesses. |
| |
|
10 |
|
| |
|
11 |
A number of Hamilton IT companies with Wiki-associated staff have built or sold firewall systems based on RedHat [Linux]. One uses a KickStart install, one simply untars its filesystem etc. A standardised system would be easier for everyone involved, would make updating much easier (DebianLinux and apt(8) instead of Red Hat), and would generally make me a happy person. |
| |
|
12 |
|
| 4 |
CraigBox |
13 |
The reasoning behind a "security server" derives from the fact that one firewalling paradigm is to run a firewall with no services whatsoever, and another is to run it on the same machine as some of your servers. A small company only has one IP which can only be terminated on the firewall (and some services don't NAT well). A small company can't afford to have lots of discrete servers. So. due to these practical concerns, you have to run a few services on your internet facing machine. (Dangerous ones may be chosen to be run only internally) |
| 3 |
PerryLorier |
14 |
|
| |
|
15 |
This system is designed to work with a LinuxServer (or as excellent first line protection for a Windows server) and provide all the security related functions for the network, leaving the central server to do the mail/files/whatever. |
| 1 |
CraigBox |
16 |
|
| |
|
17 |
This server shouldn't share a common user auth with the rest of the network. |
| |
|
18 |
|
| |
|
19 |
!How |
| |
|
20 |
|
| 2 |
CraigBox |
21 |
|
| |
|
22 |
* DebianLinux |
| 5 |
CraigBox |
23 |
* AutomatedInstallation |
| 2 |
CraigBox |
24 |
* PerrysFirewallingScript |
| |
|
25 |
* [PPTP] |
| |
|
26 |
* FreeSwan |
| 1 |
CraigBox |
27 |
|
| |
|
28 |
etc.. |
| |
|
29 |
|
| |
|
30 |
!When |
| |
|
31 |
|
| |
|
32 |
I'll keep this updated as the project develops - playing with kernels and autoinstall at the moment - but suggested features are welcome... hopefully before Anzac Day I should have an installation that at least installs something. |
