I am starting to move my company to Linux as the server platform of choice. With the seemingly continual stream of alerts
about the different hacks possible, I know that I should put some type of firewall in place to protect the servers. What
are my options?
-- Via the Internet
You have several options to consider. Linux has firewall functionality built in, by the name of iptables. The man pages include some documentation on how to set it up, and there are also several books on the market that go into further detail. Take a look at Linux Firewalls by Robert Ziegler. Another reference that you should have in your library is Linux IP Tables by Joe Dupnik and the folks at Mindworksuk.com. This CD, while not a cookbook or exhaustive technical reference, will help get you thinking in a manner that will make the process of going to iptables as painless as possible. A nice utility included in the package is a KDE GUI that streamlines the process and even gives you some limited network monitoring ability.
Depending on how many servers you have, you can implement iptables on each server as appropriate for the services running on each particular server. This means that you will need to maintain a firewall on each server that you implement iptables on. This will work well if you only have a small number of servers.
But if you have a lot of servers, it probably makes sense to go with a central firewall - with a single central iptables configuration - that all workstations on your network will go through to reach a particular server. With this approach, however, be sure the firewall server can handle all the traffic going through it from all the devices on your network. And make sure the server is reliable, because if it crashes, you'll either need to switch to a backup firewall server or you'll have to do some quick reconfiguring of all the servers it's protecting to answer workstation requests directly.
Another approach is to use one of the bootable firewall distros that you will find on sourceforge.net and other sites. With some of these distributions, you can save the firewall config to a floppy or USB memory key - letting you quickly set up new or replacement firewalls. Since you're new to Linux, this approach might make more sense initially, because you won't need to spend as much time getting up to speed on both Linux and iptables. Or you could just use one of the commercially available firewalls to provide this functionality until you are ready to make the move to iptables.
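The per-server approach described above, as an added example that is not part of the original column: a shell function that generates a default-deny `iptables-restore` ruleset opening only the ports a given server's services need. The function names, the service lists and the admin network 192.0.2.0/24 are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a per-server ruleset in iptables-restore format.
# gen_ruleset "<proto/port> ..." [admin_cidr]
# All sample values below (ports, 192.0.2.0/24) are constructed.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # reject empty or non-numeric
    esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

gen_ruleset() {
    services=$1
    admin_net=${2:-}
    # Validate every entry first so a typo never yields a partial ruleset.
    for svc in $services; do
        proto=${svc%%/*}
        port=${svc#*/}
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol: $svc" >&2; return 1 ;;
        esac
        valid_port "$port" || { echo "bad port: $svc" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"              # default deny inbound
    echo ":FORWARD DROP [0:0]"            # a server is not a router
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # SSH for administration only from the admin network, if one is given.
    if [ -n "$admin_net" ]; then
        echo "-A INPUT -p tcp -s $admin_net --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    fi
    # One rule per service this particular server runs.
    for svc in $services; do
        echo "-A INPUT -p ${svc%%/*} --dport ${svc#*/} -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed demo: a web server administered from 192.0.2.0/24.
gen_ruleset "tcp/80 tcp/443" 192.0.2.0/24
```

Review the generated text before loading it with `iptables-restore` as root on the server in question.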