Securing your Environment, Part One
Source: linux-mag.com - Posted by Vincenzo Ciaglia   
Surprisingly, securing a site’s production environment is a task that many ignore until it’s too late. But the task need not be so onerous. Several LAMP tools can help shore up security. This month and next, let’s look at two LAMP-based tools that can help protect your environment: Big Fish Firewall for deploying and configuring netfilter-based firewalls, and SNORT for intrusion detection. Once you realize how simple these tools are to deploy, you’ll want to get started immediately rather than after your first security incident.


There are many commercial firewall products available, and vendors sell options suited to corporations, individuals, and sites of all sizes in between. For example, Checkpoint (http://www.checkpoint.com/) manufactures firewalls and several other security products for production environments, and Cisco (http://www.cisco.com) offers the PIX series of firewalls for every site from home offices to Internet service providers. While both Checkpoint and Cisco offer products that are full-featured, robust, and reliable, deploying and managing these devices can be costly and can require a significant learning curve.

Luckily, the TCP/IP stack in the Linux operating system is very robust, featuring extensive packet filtering, network address translation (NAT), and other advanced firewall functions. Additionally, the netfilter package provides simple load-balancing for high-availability systems.

In effect, you can deploy a commercially viable firewall solely on Linux, running the free operating system you already know on low-cost hardware in all layers of your network. To be fair, however, one of the most significant drawbacks of Linux firewall solutions — netfilter included — is usability. netfilter is sometimes called a “wild beast,” as developing iptables rulesets can be a daunting task for even the most experienced network administrators.

Read this full article at linux-mag.com
