Public-facing Unix/Linux systems

Zirotek

Hey all,

I'm a 3rd year IT student and my minor is database Admin. I was just wondering if you guys/girls could help give me some clarity on something I'm a little hazy on because I can't seem to find anything on Google.

I'm looking into public-facing UNIX/Linux systems (are these just systems that are used by the public?) and ways in which you can "harden" them. I'm not really looking for coding but just methods that can be used.

Thanks :)
Ziro
 
I'm looking into public-facing UNIX/Linux systems (are these just systems that are used by the public?)
Recall that these systems are primarily server systems and not desktops.
(yea, we see users with the DT versions, but that's a minority use for these OSs).
A public facing system is one with direct access to the internet (ignoring the physical wiring).
Such systems might be a web server, public DNS for the company 'public services' and/or LDAP, Email servers. Have you seen this topology yet?
ISP==Firewall#1---DMZ systems ---Firewall#2----Internal infrastructure
Everything in the DMZ is public facing.
and ways in which you can "harden" them. I'm not really looking for coding but just methods that can be used.
Hardening per se is purely configuration issues:
  • Close unnecessary ports
  • Use a bi-directional firewall
  • Activate an IDS and monitor it
Crossing Firewall#2 is also tightly controlled as the goods on the other side are the gems of the company.
A common technique is to disallow common ports (eg 80,443, 20,21, 25,110,143)
and to remap them into non-standard choices (eg 10080,10443, 10020, 10021, 10025,10110,100143)
and a proxy server to control access

You should know that everything in the DMZ is subject to being compromised and therefore
a complete scratch-and-rebuild process should be in place for every component.
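
A check for the "close unnecessary ports" item in the reply above, as an added example that is not part of the original thread: it parses `ss -H -tuln` output and reports every listener reachable from outside the host that is not on an allowlist. The sample output and the allowlist (a DMZ web server that should expose only TCP 80 and 443) are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output from a hypothetical DMZ web server.
SAMPLE_SS = """\
tcp   LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      80         127.0.0.1:3306       0.0.0.0:*
tcp   LISTEN 0      4096            [::]:111           [::]:*
udp   UNCONN 0      0            0.0.0.0:111        0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
"""

# Assumed policy for this host: only the web ports may be reachable from outside.
ALLOWED = {("tcp", 80), ("tcp", 443)}

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        addr = addr.split("%")[0].strip("[]")  # drop %iface and IPv6 brackets
        if port.isdigit():
            yield proto, addr, int(port)

def is_exposed(addr):
    """True unless the socket is bound to a loopback address only."""
    if addr == "*":
        return True
    return not ipaddress.ip_address(addr).is_loopback

def unexpected_listeners(ss_output, allowed=ALLOWED):
    """Return sorted non-loopback listeners that the policy does not allow."""
    found = {(p, a, n) for p, a, n in parse_listeners(ss_output)
             if is_exposed(a) and (p, n) not in allowed}
    return sorted(found)

if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(SAMPLE_SS):
        print(f"close or firewall: {proto}/{port} bound to {addr}")
```

Loopback-only services such as the MySQL and local resolver sockets in the sample are skipped, because they are not reachable from the network.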
 
Thanks jobeard,
I asked my lecturer what a public facing computer was and he just said "it's a computer without a password". Thanks for adding in detail, I can see where you're coming from and no longer have to scour the internet for a straightforward answer.
Champion!
 
Thanks jobeard,
I asked my lecturer what a public facing computer was and he just said "it's a computer without a password".
OUCH :(
The willingness to make such a careless comment certainly casts a poor shadow over the information you are receiving.
HOWEVER, use your mental facilities and don't critique him/her - - EVER.

Using a quote from a famous book:
Acts 17:11 Now the latter were more noble-minded than those in Thessalonica, for they ... were carefully examining as to whether these things were so.
I'll also mention a comment from the '60s which seems to apply:
those that can DO and the others teach or preach.
 