Question for security management and overhead and concerns

Tue Jun 6 17:07:41 UTC 2006

Hi, Lunt

Thank you for your input.  I appreciate your feedback.  I will try to 
work with our IT operation group to setup DMZ before we move on.

And also I appreciate comments from Jack/Miner for their advice. I will 
consider those.

yasushi

Lunt, Nick wrote:

>Hi Yasushi,
>
>if im understanding you correctly you want to have a free standing linux box connected directly to the internet supplying web based apps to the public ? 
>
>Here's my take, Im sure others will follow - do not do this.
>
>Instead put the server on your DMZ where it will be firewalled. 
>You dont want your application server sitting in the wild even if it has iptables setup. Its never a good idea to have a firewall acting as an app server anyway.
>
>However if you really have no choice ....
>
>Get iptables running on the box.
>Uninstall absolutely everything you dont need.
>Be prepared to get blacklisted cos about 24 hours after releasing this box into the wild it will be a hackers paradise.
>
>My 10p worth mate, take it or leave it ;)
>
>Nick .
>
>  
>
>>-----Original Message-----
>>From: Yasushi Okubo [mailto:yasushi at cabm.rutgers.edu]
>>Sent: 06 June 2006 13:35
>>To: General Red Hat Linux discussion list
>>Subject: Question for security management and overhead and concerns
>>
>>
>>Hi, experts
>>
>>We have a new project to place one of our linux servers outside our 
>>private network to provide public access to our web-based application.
>>But I know how to setup iptables, but do not have much experience for 
>>security management to protect this box from security threat through 
>>application servers like apache/tomcat.
>>
>>So, I would like to have advices/recommendations/warnings for the 
>>following issues [I am planning to install AS4.0 onto this 
>>machine] and 
>>install both apache/tomcat:
>>I am inclined to turn-off ssh/ftp access.
>>
>>1. any good security management software tools ?
>>2. other concerns by owning a server in public domain beside security
>>3. how many hours per day sys admin should expect to spend to 
>>mange such 
>>a machine
>>4. any web resources to manage such a machine
>>
>>Thank you,
>>yasushi
>>
>>-- 
>>redhat-list mailing list
>>unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>https://www.redhat.com/mailman/listinfo/redhat-list
>>
>>Delivered using mail2.wesleyan.co.uk
>>
>>    
>>
>
>Wesleyan Administration Services Ltd registered number 5188850 and Wesleyan Unit Trust Managers Ltd registered number 2114859 ("WUTM Ltd") are wholly owned subsidiary companies of Wesleyan Assurance Society, whose registered number is ZC145. WUTM Ltd is a member of IMA. For ISA/PEP/Unit Trusts Administration Centre: PO Box 9033, Chelmsford, SM99 2WQ Telephone: 0870 601 6129 Wesleyan Assurance Society and WUTM Ltd are authorised and regulated by the Financial Services Authority. Head Office, Colmore Circus, Birmingham B4 6AR. Telephone: 0121 200 3003 Fax 0121 200 2971. Website: www.wesleyan.co.uk Telephone calls may be recorded for monitoring and training purposes.
>
>CONFIDENTIALITY NOTICE
>
>This communication and the information it contains is intended for the person or organisation to whom it is addressed. Its contents are confidential and may be protected in law. Unauthorised use, copying or disclosure of any of it may be unlawful. If you are not the intended recipient, please contact us immediately.
>
>The contents of any attachments in this e-mail may contain software viruses, which could damage your own computer system. While every reasonable precaution to minimise this risk has been taken, we cannot accept liability for any damage that you sustain as a result of software viruses. You should carry out your own virus checking procedure before opening any attachment.
>
>Delivered using mail2.wesleyan.co.uk
>
>
>  
>