[LUNI] Making a private network somewhat public.
Richard Reina
gatorreina at gmail.com
Wed Dec 12 07:47:52 CST 2007
I appreciate the responses. To make sure I understand correctly:
1) If I replace my old SMC barricade with a new router like a 50.00 linksys
I will hopefully gain a measure of security. Is there a more expensive
router that I can buy that will give me even greater security?
2) If behind this router I connect one of the machines that is connected to
the internet to my LAN via a second NIC card and merely use this machine as
an SMTP gateway that only accesses the MySQL server to generate data to be
sent via email, would this be the most secure way to provide the sort
of limited access I need?
3) I further understand that I would need to run iptables on this SMTP
gateway machine and I should build it with a stripped-down OS. Perhaps just
MySQL client perl DBI. No Xwindows, no ssh, no anything that is not
absolutely necessary for the machine to complete its limited tasks.
4) Of the seven pcs on the linux LAN some are very old, running distros as
old as RH 7.2. iptables is not running on any of them and some have an ftp
server running so that new program files can be swapped about regularly. Is
this a problem? Does it significantly increase the network's risk?
5) If I want to go a step further. When I get it all set up I should hire
someone to try and hack in to see just how secure my network is? Is this a
good idea? If so does anyone know where I could hire someone relatively
skillful for a reasonable price for this assignment?
Thanks so much for the help. I really appreciate the responses; hopefully
they can serve as a useful primer to basic linux security for others as
well.
Richard
On Dec 11, 2007 5:04 PM, Tom Printy <tprinty at mail.edisonave.net> wrote:
> It is possible, but if you were to use some type of firewall then this
> helps reduce the likelihood of that happening. A 50.00 linksys firewall
> should offer you decent protection.
>
> -Tom
>
>
> On Tue, 2007-12-11 at 16:19 -0600, Richard Reina wrote:
> > If I allow one machine that is already connected to the internet (behind a
> > router of course) to stay connected to my LAN, couldn't my LAN still be
> > hacked through that machine (the one that is connected through the
> > internet)? Is this likely?
> >
> > On Dec 11, 2007 1:47 PM, Tom Printy <tprinty at mail.edisonave.net> wrote:
> >
> > > What about using another system that has internet access to generate the
> > > report? You can set up MySQL to only allow this system and the 7 others
> > > to access the DB. The report system would hit the MySQL instance and
> > > then be allowed to send out the email reports. You should still consider
> > > some type of hardware based firewall or turning up an iptables based
> > > firewall on the box that will connect to the Internet.
> > >
> > >
> > > On Tue, 2007-12-11 at 13:26 -0600, Richard Reina wrote:
> > > > I have a small linux LAN (7 pcs) that runs a homemade database application
> > > > (perl mysql). They've had little if any reason to need to be connected to
> > > > the internet and due to my lack of prowess as a system admin and to the fact
> > > > that any loss of data or interruption would be very disruptive, I have
> > > > elected to keep it that way. However, there is an increasing need for me to
> > > > be able to send reports that are generated by the application via email --
> > > > without me having to go to another computer that is connected to the
> > > > internet and retype the report.
> > > >
> > > > Can anyone give me some suggestions on the most secure way to allow
> > > access
> > > > to sending emails and the level of risk associated with doing so.
> > > >
> > > > Thanks for any ideas.
> > > >
> > > > Richard
> > >
> > > --
> > > Linux Users Of Northern Illinois - Technical Discussion
> > > http://luni.org/mailman/listinfo/luni
> > >
>
>
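
The dual-homed report gateway discussed in this thread (reads from MySQL on the LAN, sends mail out, forwards nothing), sketched as an added example that is not from any poster in the thread. The interface names, the database server address and the need for outbound DNS are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the report/SMTP gateway.
# Assumed usage (as root): gen_gateway_rules eth0 eth1 192.168.1.10 | iptables-restore
#   $1 = Internet-facing interface, $2 = LAN-facing interface, $3 = MySQL server IP
gen_gateway_rules() {
    [ $# -eq 3 ] || { echo "usage: gen_gateway_rules WAN_IF LAN_IF DB_IP" >&2; return 2; }
    wan_if=$1; lan_if=$2; db_ip=$3
    # The design depends on two separate NICs; refuse a single-interface setup.
    [ "$wan_if" != "$lan_if" ] || { echo "WAN and LAN interface must differ" >&2; return 2; }
    cat <<EOF
*filter
# Default-deny in every direction. FORWARD has no ACCEPT rule at all, so this
# box never routes packets between the Internet and the LAN.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback traffic for local processes
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Only replies to connections this host opened itself are let back in
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN side: the MySQL client connection to the database server, nothing else
-A OUTPUT -o $lan_if -d $db_ip -p tcp --dport 3306 -m state --state NEW -j ACCEPT
# WAN side: outbound mail delivery, plus DNS to look up mail servers
-A OUTPUT -o $wan_if -p tcp --dport 25 -m state --state NEW -j ACCEPT
-A OUTPUT -o $wan_if -p udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -o $wan_if -p tcp --dport 53 -m state --state NEW -j ACCEPT
COMMIT
EOF
}
```

Because no rule accepts a new inbound connection on either interface, the gateway offers no listening service to the Internet or to the LAN; the MySQL server should additionally restrict the reporting account to this machine's address, as suggested in the thread.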