
Public-facing Unix/Linux systems

Discussion in 'The Alternative OS' started by Zirotek, May 9, 2011.

  1. Zirotek Newcomer, in training Posts: 25

    Hey all,

    I'm a 3rd year IT student and my minor is database Admin. I was just wondering if you guys/girls could help give me some clarity on something I'm a little hazy on because I can't seem to find anything on Google.

    I'm looking into public-facing UNIX/Linux systems (are these just systems that are used by the public?) and ways in which you can "harden" them. I'm not really looking for coding but just methods that can be used.

    Thanks :)
    Ziro
  2. jobeard TS Ambassador Posts: 12,339   +132

    Recall that these systems are primarily server systems and not desktops.
    (yea, we see users with the DT versions, but that's a minority use for these OSs).
    A public facing system is one with direct access to the internet (ignoring the physical wiring).
    Such systems might be a web server, public DNS for the company 'public services' and/or LDAP, Email servers. Have you seen this topology yet?
    ISP==Firewall#1---DMZ systems ---Firewall#2----Internal infrastructure
    Everything in the DMZ is public facing.
    Hardening per se is purely a configuration issue:
    • Close unnecessary ports
    • Use a bi-directional firewall
    • Activate an IDS and monitor it
    Crossing Firewall#2 is also tightly controlled as the goods on the other side are the gems of the company.
    A common technique is to disallow common ports (eg 80,443, 20,21, 25,110,143)
    and to remap them into non-standard choices (eg 10080,10443, 10020, 10021, 10025,10110,100143)
    and a proxy server to control access

    You should know that everything in the DMZ is subject to being compromised and therefore
    a complete scratch-and-rebuild process should be in place for every component.
  3. Zirotek Newcomer, in training Posts: 25

    Thanks jobeard,
    I asked my lecturer what a public facing computer was and he just said "it's a computer without a password". Thanks for adding in detail, I can see where you're coming from and no longer have to scour the internet for a straightforward answer.
    Champion!
  4. jobeard TS Ambassador Posts: 12,339   +132

    OUCH :(
    The willingness to make such a careless comment certainly casts a poor shadow over the information you are receiving.
    HOWEVER, use your mental facilities and don't critique him/her - - EVER.

    Using a quote from a famous book:
    I'll also mention a comment from the '60s which seems to apply: