Michael Leone on Fri, 7 Feb 2003 09:15:35 -0500



Re: [PLUG] iptables and NAT


LeRoy Cressy said:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Ziegler, Scott wrote:
>> I am trying to set up a Linux workstation (Slackware 8 with 2.4.18
>> kernel) to tie a local network (192.168.x.x) of XP machines to our
>> corporate network. The Linux machine has a hard coded IP address and
>> it works on the network as far as telnet, ssh, browsing, etc. We need
>> to have network connectivity from the XP (for all of those M$ updates)
>> machines through the Linux machine.
>>
>
> How much do you want to protect your M$ boxes, since they are the most
> vulnerable to attack?  If you really are concerned about security then
> you might want to patch the kernel source with the IP tables source.
> For instance the string match can prevent email that has known viruses
> from getting to your windows boxes.

Definitely not the best way to protect email. Especially for new viruses,
and things that don't match strings easily, or have many possible matches.

Run a virus scanner - there are many for Linux, some free - from your
email server (investigate amavisd-new; great program for calling out virus
and spam scanners from an email server). While you're at it, tag the SPAM,
too, so your users can easily make rules to route it to a holding mailbox
(never just dump tagged SPAM; it could be a mis-tag, and then you've lost
real email. Let the users decide for themselves).

-- 
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Member, LEAF Project <http://leaf.sourceforge.net>    AIM: MikeLeone
Public Key - <http://www.mike-leone.com/~turgon/turgon-public-key.asc>
Registered Linux user# 201348


_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
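
The contrast drawn in the reply above, as an added example that is not part of the original thread and is not amavisd-new's code: a packet-level string match sees only the undecoded bytes on the wire, while a scanner on the mail server decodes each MIME part first and can then tag the message instead of dropping it. The marker string, the addresses and the `X-Scan-Flag` header name are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed, harmless marker standing in for a known-virus byte pattern.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"


def build_sample(infected: bool = True) -> bytes:
    """Constructed sample mail; the attachment carries the marker if infected."""
    body = b"header bytes " + (SIGNATURE if infected else b"clean") + b" trailer"
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = "report"
    msg.set_content("See attachment.")
    # Binary attachments are base64-encoded for transport by default.
    msg.add_attachment(body, maintype="application",
                       subtype="octet-stream", filename="report.bin")
    return msg.as_bytes()


def raw_string_match(wire: bytes) -> bool:
    """What a string match on packet payloads sees: the encoded wire bytes."""
    return SIGNATURE in wire


def scan_and_tag(wire: bytes) -> bytes:
    """Decode every MIME part, scan it, and tag (never drop) on a hit."""
    msg = message_from_bytes(wire, policy=policy.default)
    hit = any(SIGNATURE in (part.get_payload(decode=True) or b"")
              for part in msg.walk() if not part.is_multipart())
    if hit:
        # Hypothetical header name; users can filter on it in their own rules.
        msg["X-Scan-Flag"] = "YES"
    return msg.as_bytes()


if __name__ == "__main__":
    wire = build_sample()
    print("raw string match hit:", raw_string_match(wire))
    print("tagged after MIME decode:", b"X-Scan-Flag: YES" in scan_and_tag(wire))
```
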