[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] I got hacked.........



So, without shooting you, let me ask why your email server is on the outside of
the firewall.  I can understand how it would be a little easier to have the
email server on the outside, but it is asking for trouble.  Probably (in my
mind) the best way to set up an email server is to have the firewall relay
between the district or ISP mail relay and your internal server.  This way the
email is only on an "outside" box for the amount of time it is on your
firewall.  Then it can be stored on the internal server with as little risk as
possible.  If you end up having public IP addresses on the inside, you can set
up your firewall to allow traffic to flow between the outside mail relay and
your internal server.  As for your web server, that might be best on a DMZ. 
Ideally you would need to seperate the email server and the web server. 
Perhaps you could leave DNS on the same box as your web server, or you could
put it on the same one as your email server, but it would still have to be on
the inside.

There's my two bits.
--Nick

--- Michael Cortes <cortesm flb fortleboeuf net> wrote:
> On Tue, 9 Apr 2002, Max Pakhutkin wrote:
> 
> > To add to all the good advice given so far on this topic, the best 
> > philosophy to assume with regard to security is
> > 1) you will never be totally secure, sooner or later something will get 
> > compromised. This is actually true, not just a belief.
> 
> This is great advise.  
> 
> Don't shoot me for this, but let me update everyone where I stand.  This
> machine is not critical in the sense that it contains sensitive or
> confidential data.  It does not run any db services (i.e. mysql,
> postgresql), it is the only linux box I have *not* behind the firewall.
> 
> True, it is my email server and dns server.  It also is our web server,
> however, it's not commerce or used for daily necessary items.  If forced
> to, I can reload this server from scratch, probably quite easily.
> 
> However, since I am sure you know, if i force every teacher to change
> their passwords and shutdown the email server, I may end up with a lynch
> mob after me.  I know...I know..... it's necessary, but I am going to
> approach this without just dropping it on them.  In the meantime, I am
> taking the opportunity to learn more about this attack.  How did they get
> in?  What was my mistake?  How do I make it more secure? How do I better
> prepare my detection methods (which I still think were pretty good, I
> think this guy only broke in on Apr 8. That can be debated and
> investigated if anyone in interested) and most important do I still
> succesfully/easily operate without being hampered by security. (don't want
> to dosconnect my box from the net just so noone will hack it).
> 
> -- 
> Michael Cortes
> Fort LeBoeuf School District
> 34 East 9th Street
> PO Box 810
> Waterford PA 16441-0810
> 814.796.4795
> 
> 
> 
> 
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN redhat com
> https://listman.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>


__________________________________________________
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
http://taxes.yahoo.com/





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]