best distro for security - Security

This is a discussion on best distro for security - Security ; Hi, I'd like to place a Linux-based pc to handle my internet connection, getting it from the adls line and sourcing it to the pc on a Windows-based net. It has to be placed as a "filter" in between the ...

+ Reply to Thread
Page 1 of 3 1 2 3 LastLast
Results 1 to 20 of 58

Thread: best distro for security

  1. best distro for security

    Hi,

    I'd like to place a Linux-based pc to handle my internet connection,
    getting it from the adls line and sourcing it to the pc on a
    Windows-based net. It has to be placed as a "filter" in between the
    internet and the Win computers. Which distro would you suggest me? Any
    comments, tips, tricks on the way I should do that?

    Thanks so much for youyr help,
    Marco


  2. Re: best distro for security

    "Marco" (06-08-07 08:38:46):

    > I'd like to place a Linux-based pc to handle my internet connection,
    > getting it from the adls line and sourcing it to the pc on a
    > Windows-based net. It has to be placed as a "filter" in between the
    > internet and the Win computers. Which distro would you suggest me? Any
    > comments, tips, tricks on the way I should do that?


    There is no 'best' distribution to do this. I wouldn't recommend Linux
    at all for this kind of task. Usually BSD-based operating systems are
    more secure at this. Take a look at OpenBSD [1]. If you still want to
    do it with Linux, then I would recommend Debian [2], although personally
    I would prefer other distributions.


    Regards,
    E.S.


    References:
    [1] http://www.openbsd.org/
    [2] http://www.debian.org/

  3. Re: best distro for security

    Marco wrote:

    > Hi,
    >
    > I'd like to place a Linux-based pc to handle my internet connection,
    > getting it from the adls line and sourcing it to the pc on a
    > Windows-based net. It has to be placed as a "filter" in between the
    > internet and the Win computers. Which distro would you suggest me? Any
    > comments, tips, tricks on the way I should do that?
    >
    > Thanks so much for youyr help,
    > Marco


    I would suggest a Linux distribution built to be a firewall. There are
    several listed here:

    http://www.linuxlinks.com/Distributions/Secure/

    The best distro for you depends on your needs and experience.

    --
    Still waiting for a rational answer from Bittwister to this:
    .

  4. Re: best distro for security

    Marco wrote:

    > Hi,
    >
    > I'd like to place a Linux-based pc to handle my internet connection,
    > getting it from the adls line and sourcing it to the pc on a
    > Windows-based net. It has to be placed as a "filter" in between the
    > internet and the Win computers. Which distro would you suggest me? Any
    > comments, tips, tricks on the way I should do that?
    >
    > Thanks so much for youyr help,
    > Marco


    So... you want a linux router with firwall features and probably NAT... Look
    at http://ipcop.org. Excellent solution.


    --

    Jerry McBride

  5. Re: best distro for security

    Ertugrul Soeylemez wrote:

    > "Marco" (06-08-07 08:38:46):
    >
    >> I'd like to place a Linux-based pc to handle my internet connection,
    >> getting it from the adls line and sourcing it to the pc on a
    >> Windows-based net. It has to be placed as a "filter" in between the
    >> internet and the Win computers. Which distro would you suggest me? Any
    >> comments, tips, tricks on the way I should do that?

    >
    > There is no 'best' distribution to do this. I wouldn't recommend Linux
    > at all for this kind of task. Usually BSD-based operating systems are
    > more secure at this. Take a look at OpenBSD [1]. If you still want to
    > do it with Linux, then I would recommend Debian [2], although personally
    > I would prefer other distributions.
    >
    >
    > Regards,
    > E.S.
    >
    >
    > References:
    > [1] http://www.openbsd.org/
    > [2] http://www.debian.org/


    Hmmm... I see linux being embeded on all kinds of security appliances...
    where's bsd being used in a $30.00 router?


    --

    Jerry McBride

  6. Re: best distro for security

    Jerry McBride (06-08-07 19:50:54):

    > > There is no 'best' distribution to do this. I wouldn't recommend
    > > Linux at all for this kind of task. Usually BSD-based operating
    > > systems are more secure at this. Take a look at OpenBSD [1]. If
    > > you still want to do it with Linux, then I would recommend Debian
    > > [2], although personally I would prefer other distributions.

    >
    > Hmmm... I see linux being embeded on all kinds of security
    > appliances... where's bsd being used in a $30.00 router?


    This is a marketing issue. In most companies, all computers are
    supplied with Windows, and even the server runs it. So Windows is more
    secure than anything else?


    Regards,
    E.S.

  7. Re: best distro for security

    Hi,

    I thank you for all the suggestions made so far, others are welcome
    too, but I need to say that:
    1) I'm not that familiar with linux, I mean, I have made some C
    programming under it (2.4 kernel in an embedded system) and I played
    around with Mandrake, but not that much, so I can be consider a newbie.
    Starting from this point is it OpenBSD more difficult to work with? I'm
    not worried to learn, but I'd like to ask before.
    2) some more informations on what I need to do. My actual system has
    all WinXP machines, just one is connected to the internet with an ADSL
    modem and it shares this connection with the other pcs on the LAN. As
    long as this WinXP barrier to internet is so weak, I'd like to change
    it with another OS, like Linux or OpenBSD, more secure, able to easily
    recognize my modem and simple in sharing the connection with the pc
    connected with it on the internal LAN.

    Thanks,
    Marco



    Ertugrul Soeylemez wrote:
    > Jerry McBride (06-08-07 19:50:54):
    >
    > > > There is no 'best' distribution to do this. I wouldn't recommend
    > > > Linux at all for this kind of task. Usually BSD-based operating
    > > > systems are more secure at this. Take a look at OpenBSD [1]. If
    > > > you still want to do it with Linux, then I would recommend Debian
    > > > [2], although personally I would prefer other distributions.

    > >
    > > Hmmm... I see linux being embeded on all kinds of security
    > > appliances... where's bsd being used in a $30.00 router?

    >
    > This is a marketing issue. In most companies, all computers are
    > supplied with Windows, and even the server runs it. So Windows is more
    > secure than anything else?
    >
    >
    > Regards,
    > E.S.



  8. Re: best distro for security

    Marco wrote:

    > Hi,
    >
    > I thank you for all the suggestions made so far, others are welcome
    > too, but I need to say that:
    > 1) I'm not that familiar with linux, I mean, I have made some C
    > programming under it (2.4 kernel in an embedded system) and I played
    > around with Mandrake, but not that much, so I can be consider a newbie.
    > Starting from this point is it OpenBSD more difficult to work with? I'm
    > not worried to learn, but I'd like to ask before.
    > 2) some more informations on what I need to do. My actual system has
    > all WinXP machines, just one is connected to the internet with an ADSL
    > modem and it shares this connection with the other pcs on the LAN. As
    > long as this WinXP barrier to internet is so weak, I'd like to change
    > it with another OS, like Linux or OpenBSD, more secure, able to easily
    > recognize my modem and simple in sharing the connection with the pc
    > connected with it on the internal LAN.
    >
    > Thanks,
    > Marco


    Looks like you need an easy to use distro configured to be a firewall:

    http://www.endian.it/en/community/about/features/



    --
    Still waiting for a rational answer from Bittwister to this:
    .

  9. Re: best distro for security

    Marco wrote:

    > Hi,
    >
    > I'd like to place a Linux-based pc to handle my internet connection,
    > getting it from the adls line and sourcing it to the pc on a Windows-based
    > net. It has to be placed as a "filter" in between the internet and the Win
    > computers. Which distro would you suggest me? Any comments, tips, tricks
    > on the way I should do that?


    http://www.linuxsecurity.com/docs/colsfaq.html#2.4

  10. Re: best distro for security

    "Marco" (06-08-07 23:42:43):

    > 1) I'm not that familiar with linux, I mean, I have made some C
    > programming under it (2.4 kernel in an embedded system) and I played
    > around with Mandrake, but not that much, so I can be consider a
    > newbie. Starting from this point is it OpenBSD more difficult to work
    > with? I'm not worried to learn, but I'd like to ask before.


    From the user perspective, BSDs are very similar to Linux. I haven't
    used any, though, so I can't tell you much about them. As I said
    indirectly: I still prefer Linux, although I'm worried about its
    current development.


    > 2) some more informations on what I need to do. My actual system has
    > all WinXP machines, just one is connected to the internet with an ADSL
    > modem and it shares this connection with the other pcs on the LAN. As
    > long as this WinXP barrier to internet is so weak, I'd like to change
    > it with another OS, like Linux or OpenBSD, more secure, able to easily
    > recognize my modem and simple in sharing the connection with the pc
    > connected with it on the internal LAN.


    Yes, that's a wise choice. Windows is a security threat, at least in
    its default configuration.


    Regards,
    E.S.

  11. Re: best distro for security

    Has anyone idea on how to configure Linux on one side and the Win
    platforms on the other side in order to share the internet connection?
    The Linux machine gets the direct connection to the modem, while it is
    linked to the other pcs through a LAN switch, where all machines are
    attached.
    Another question, if a get a firewall-oriented distro, like IPCop or
    similar, am I limited in the software I can use with that OS? I mean
    other distros may have more software they can work with and they may
    have better support and drivers range... am I wrong?

    Thanks,
    Marco



    Ertugrul Soeylemez wrote:
    > "Marco" (06-08-07 23:42:43):
    >
    > > 1) I'm not that familiar with linux, I mean, I have made some C
    > > programming under it (2.4 kernel in an embedded system) and I played
    > > around with Mandrake, but not that much, so I can be consider a
    > > newbie. Starting from this point is it OpenBSD more difficult to work
    > > with? I'm not worried to learn, but I'd like to ask before.

    >
    > From the user perspective, BSDs are very similar to Linux. I haven't
    > used any, though, so I can't tell you much about them. As I said
    > indirectly: I still prefer Linux, although I'm worried about its
    > current development.
    >
    >
    > > 2) some more informations on what I need to do. My actual system has
    > > all WinXP machines, just one is connected to the internet with an ADSL
    > > modem and it shares this connection with the other pcs on the LAN. As
    > > long as this WinXP barrier to internet is so weak, I'd like to change
    > > it with another OS, like Linux or OpenBSD, more secure, able to easily
    > > recognize my modem and simple in sharing the connection with the pc
    > > connected with it on the internal LAN.

    >
    > Yes, that's a wise choice. Windows is a security threat, at least in
    > its default configuration.
    >
    >
    > Regards,
    > E.S.



  12. Re: best distro for security

    Marco wrote:
    > Hi,
    >
    > I thank you for all the suggestions made so far, others are welcome
    > too, but I need to say that:
    > 1) I'm not that familiar with linux, I mean, I have made some C
    > programming under it (2.4 kernel in an embedded system) and I played
    > around with Mandrake, but not that much, so I can be consider a newbie.
    > Starting from this point is it OpenBSD more difficult to work with? I'm
    > not worried to learn, but I'd like to ask before.
    > 2) some more informations on what I need to do. My actual system has
    > all WinXP machines, just one is connected to the internet with an ADSL
    > modem and it shares this connection with the other pcs on the LAN. As
    > long as this WinXP barrier to internet is so weak, I'd like to change
    > it with another OS, like Linux or OpenBSD, more secure, able to easily
    > recognize my modem and simple in sharing the connection with the pc
    > connected with it on the internal LAN.
    >
    > Thanks,
    > Marco
    >
    >
    >
    > Ertugrul Soeylemez wrote:
    >> Jerry McBride (06-08-07 19:50:54):
    >>
    >>>> There is no 'best' distribution to do this. I wouldn't recommend
    >>>> Linux at all for this kind of task. Usually BSD-based operating
    >>>> systems are more secure at this. Take a look at OpenBSD [1]. If
    >>>> you still want to do it with Linux, then I would recommend Debian
    >>>> [2], although personally I would prefer other distributions.
    >>> Hmmm... I see linux being embeded on all kinds of security
    >>> appliances... where's bsd being used in a $30.00 router?

    >> This is a marketing issue. In most companies, all computers are
    >> supplied with Windows, and even the server runs it. So Windows is more
    >> secure than anything else?
    >>
    >>
    >> Regards,
    >> E.S.

    >

    Why not use a router to connect your modem to your WinXP computers?
    There are a lot of pretty good, low cost routers available that have
    both firewalls and NAT. Couple the router with a good Windows
    firewall/anti-virus and you are pretty safe. Keep you WinXP up to date.

    I like Linux and OpenBSD but if you do not have a lot of experience with
    either of these systems there is a pretty long learning curve (during
    which you can make a lot of really big bad mistakes).

    --
    ----------------
    Barton L. Phillips
    Applied Technology Resources, Inc.
    Tel: (818)652-9850
    Web: http://www.applitec.com

  13. Re: best distro for security

    "Barton L. Phillips" (06-08-08 16:43:52):

    > Why not use a router to connect your modem to your WinXP computers?
    > There are a lot of pretty good, low cost routers available that have
    > both firewalls and NAT. Couple the router with a good Windows
    > firewall/anti-virus and you are pretty safe. Keep you WinXP up to
    > date.


    Because many, if not most routers out there are inherently flawed, and
    they advertise features which are really dangerous, like UPnP, as
    something exciting. The naive user enables it, because it sounds pretty
    useful, and by this, in fact, enables one huge security hole.


    > I like Linux and OpenBSD but if you do not have a lot of experience
    > with either of these systems there is a pretty long learning curve
    > (during which you can make a lot of really big bad mistakes).


    You're still stuck in the 90s, where that was true to some point.
    Today, however, most distributions come with comfortable TUIs to do
    those tasks.


    Regards,
    E.S.

  14. Re: best distro for security

    "Marco" (06-08-08 04:00:57):

    > Has anyone idea on how to configure Linux on one side and the Win
    > platforms on the other side in order to share the internet connection?
    > The Linux machine gets the direct connection to the modem, while it is
    > linked to the other pcs through a LAN switch, where all machines are
    > attached.


    You would use something like rp-pppoe (in case of PPPoE) or lone pppd
    (in case of normal PPP) to establish your internet connection. Then you
    have some network interface called ppp0 or similar. Now you just need
    to enable IP forwarding. Many distributions provide simple facilities
    to do this, but at the low level, you would issue the following command:

    # echo 1 > /proc/sys/net/ipv4/ip_forward

    However, if your distribution provides such facilities, you should use
    them, as otherwise you had to issue that command after each reboot.

    When it comes to NAT or NPT, then things get a bit more complicated.
    The easiest way is to use a user interface for that, which most
    distributions provide. Then it's as simple as entering the port ranges
    and destination addresses. If you don't have them, then you again have
    to do it at the low level. See the iptables man-page to learn more, or
    visit the Netfilter homepage [1].


    > Another question, if a get a firewall-oriented distro, like IPCop or
    > similar, am I limited in the software I can use with that OS? I mean
    > other distros may have more software they can work with and they may
    > have better support and drivers range... am I wrong?


    Depends. Most specific-purpose distributions are limited to a
    pre-chosen set of programs (where you may or may not have some limited
    degree of choice), which you work with. They are more or less complete
    for that particular purpose, but if you need more flexibility, then
    you'll want to use a general-purpose distribution like Debian [2].


    Regards,
    E.S.


    References:
    [1] http://www.netfilter.org/
    [2] http://www.debian.org/

  15. Re: best distro for security


    Ertugrul Soeylemez wrote:
    > > Has anyone idea on how to configure Linux on one side and the Win
    > > platforms on the other side in order to share the internet connection?
    > > The Linux machine gets the direct connection to the modem, while it is
    > > linked to the other pcs through a LAN switch, where all machines are
    > > attached.

    [...]
    > When it comes to NAT or NPT, then things get a bit more complicated.
    > The easiest way is to use a user interface for that, which most
    > distributions provide. Then it's as simple as entering the port ranges
    > and destination addresses. If you don't have them, then you again have
    > to do it at the low level. See the iptables man-page to learn more, or
    > visit the Netfilter homepage [1].


    Well I have done that once with a box. You first have to enable the
    forwarding thing. The command to enable NAT is quite simple:

    iptables -t nat -A POSTROUTING
    -o ppp0
    -j MASQUERADE

    Where ppp0 is the interface which is connected to the internet. This command
    masquerades everything that is routed through the ppp0 interface. I would
    also block all incoming connection requests that come from ppp0:

    iptables -A INPUT -m state –-state NEW
    -i ppp0
    -j DROP

    I know that this is nothing really secure, but for small people like me it
    is enough

  16. Re: best distro for security

    Ertugrul Soeylemez writes:

    >"Marco" (06-08-08 04:00:57):


    >> Has anyone idea on how to configure Linux on one side and the Win
    >> platforms on the other side in order to share the internet connection?
    >> The Linux machine gets the direct connection to the modem, while it is
    >> linked to the other pcs through a LAN switch, where all machines are
    >> attached.


    >You would use something like rp-pppoe (in case of PPPoE) or lone pppd


    No. That depends entirely on the modem you have and your ISP. For example
    here in canada the modems operate in bridged mode. No pppoe, no pppoa. And
    some modems already have pppoe negotiation built into the modem.

    These are all issues you need to take up with your ISP.

    >(in case of normal PPP) to establish your internet connection. Then you
    >have some network interface called ppp0 or similar. Now you just need
    >to enable IP forwarding. Many distributions provide simple facilities
    >to do this, but at the low level, you would issue the following command:


    > # echo 1 > /proc/sys/net/ipv4/ip_forward


    >However, if your distribution provides such facilities, you should use
    >them, as otherwise you had to issue that command after each reboot.


    Well no, you can always put it into a script which is what the distros do.


    >When it comes to NAT or NPT, then things get a bit more complicated.
    >The easiest way is to use a user interface for that, which most
    >distributions provide. Then it's as simple as entering the port ranges
    >and destination addresses. If you don't have them, then you again have
    >to do it at the low level. See the iptables man-page to learn more, or
    >visit the Netfilter homepage [1].



    >> Another question, if a get a firewall-oriented distro, like IPCop or
    >> similar, am I limited in the software I can use with that OS? I mean
    >> other distros may have more software they can work with and they may
    >> have better support and drivers range... am I wrong?


    >Depends. Most specific-purpose distributions are limited to a
    >pre-chosen set of programs (where you may or may not have some limited
    >degree of choice), which you work with. They are more or less complete
    >for that particular purpose, but if you need more flexibility, then
    >you'll want to use a general-purpose distribution like Debian [2].



  17. Re: best distro for security

    mikrotik.com has some really awesome looking embedded linux-based
    RouterOS appliances. I have never used them, but What I have heard
    sounds awesome. Can't wait to get my hands on one.

    If you want to make your own, I highly recommend OpenBSD. A while ago I
    made a stateless firewall with an ancient PC using OpenBSD that worked
    beautifully.

    Marco wrote:
    > Hi,
    >
    > I'd like to place a Linux-based pc to handle my internet connection,
    > getting it from the adls line and sourcing it to the pc on a
    > Windows-based net. It has to be placed as a "filter" in between the
    > internet and the Win computers. Which distro would you suggest me? Any
    > comments, tips, tricks on the way I should do that?
    >
    > Thanks so much for youyr help,
    > Marco



  18. Re: best distro for security

    On 2006-08-07, Jerry McBride wrote:

    > Hmmm... I see linux being embeded on all kinds of security appliances...
    > where's bsd being used in a $30.00 router?


    NetBSD is used on many embedded systems, including routers.

    --

    John (john@os2.dhs.org)

  19. Re: best distro for security

    On 2006-08-08, Ertugrul Soeylemez wrote:

    > From the user perspective, BSDs are very similar to Linux. I haven't
    > used any, though, so I can't tell you much about them. As I said
    > indirectly: I still prefer Linux, although I'm worried about its
    > current development.


    The advantage *BSD has, especially for special-purpose applications, is
    that the operating system and its applications are developed as a unit,
    while in linux the kernel is developed separately from the applications.
    When you update a *BSD system, you don't just update the kernel, you
    update all the programs that come with it as well. The downside is that
    updates are fewer and further between than with linux, but the upside is
    that they are all developed and tested together before they are
    released.

    --

    John (john@os2.dhs.org)
    3 linux, 2 NetBSD, and 1 FreeBSD here...

  20. Re: best distro for security

    On 2006-08-08, Ertugrul Soeylemez wrote:
    > Now you just need to enable IP forwarding. Many distributions provide
    > simple facilities to do this, but at the low level, you would issue
    > the following command:
    >
    > # echo 1 > /proc/sys/net/ipv4/ip_forward
    >
    > However, if your distribution provides such facilities, you should use
    > them, as otherwise you had to issue that command after each reboot.


    Wouldn't it be better/cleaner to configure it in /etc/sysctl.conf?

    --
    |\_/| ,(Meow) Jesper H.
    (^.^)
    `^' Sanity is an illusion

+ Reply to Thread
Page 1 of 3 1 2 3 LastLast