Spread the love! TechSpot Tech Gift Shortlist 2017

Public-facing Unix/Linux systems

By Zirotek
May 9, 2011
Post New Reply
  1. Hey all,

    I'm a 3rd year IT student and my minor is database Admin. I was just wondering if you guys/girls could help give me some clarity on something I'm a little hazy on because I cant seem to find anything on Google.

    I'm looking into public-facing UNIX/Linux systems (are these just systems that are used by the public?) and ways in which you can "harden" them. I'm not really looking for coding but just methods that can be used.

    Thanks :)
  2. jobeard

    jobeard TS Ambassador Posts: 10,869   +903

    Recall that these systems are primarily Server system and not desktops.
    (yea, we see users with the DT versions, but that's a minority use for these OSs).
    A public facing system is one with direct access to the internet (ignoring the physical wiring).
    Such systems might be a web server, public DNS for the company 'public services' and or LDAP, Email servers. Have you see this topology yet?
    ISP==Firewall#1---DMZ systems ---Firewall#2----Internal infrastructure​
    Everything in the DMZ is public facing.
    Harding per se is purely configuration issues;
    • Close unnecessary ports
    • Use a bi-directional firewall
    • Activate an IDS and monitor it
    Crossing Firewall#2 is also tightly controlled as the goods on the otherside are the gems of the company.
    A common technique is to disallow common ports (eg 80,443, 20,21, 25,110,143)
    and to remap them into non-standard choices (eg 10080,10443, 10020, 10021, 10025,10110,100143)
    and a proxy server to control access

    You should know that everything in the DMZ is subject to being compromised and therefore
    a complete scratch-and-rebuild process should be in place for every component.
  3. Zirotek

    Zirotek TS Rookie Topic Starter Posts: 16

    Thanks jobeard,
    I asked my lecturer what a public facing computer was and he just said "its a computer without a password". Thanks for adding in detail, I can see where you're coming from and no longer have to scour the internet for a straight forward answer.
  4. jobeard

    jobeard TS Ambassador Posts: 10,869   +903

    OUCH :(
    The willingness to make such a careless comment certainly casts a poor shaddow over the information you are receiving.
    HOWEVER, use your mental facilities and don't critique him/her - - EVER.

    Using a quote from a famous book:
    I'll also mention a comment from the '60s which seems to apply:

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...