OT: Quick book
- From: "Kenny Mann" <Kennymann@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Tue, 13 Apr 2004 10:45:26 -0500
Here is something I've written just becuase I'm tired of having to
basically say the same thing over and over... so instead of complaining
I've decided to do something about it and give people direction... (plus
it's easier to give a URL than type this whole thing up). This is only
something I've written and a couple more sections to come. I thought I
would get yall's opinoin about it. I've decided I don't want to write
something huge or else people go cross eyed, and some people just want
to know what they are getting into before they jump in.
Things I plan on having:
1. Firewalls * Only one done so far *
2. Mail Server *Plan on writting during lunch today; Will include
Exchange Server, AV, SendMail, Exim, POP/IMAP/Exchange concepts, will
tie in with firewall*
3. Web Server *Tonight; IIS, Apache, PHP/ASP+MySQL combo's, will tie in
with firewall*
4. Hosting your own domain (ties in with all of the above a little, but
gives the basic concept of the internet)
5. Some basic examples (going to include a full setup for Windows,
Linux, and OpenBSD -- and also give a basic checklist of what people
will want to look for)
Anyone think I forgot something critical for the first little section?
//=========================================
Ok.. I've seen the question over and over on many mailing list asking
"How do I run my own firewall/email server/website/<insert service
here>?". This little article is here to give a very brief explanation of
what is what and to give you a general direction to take. If anyone has
any questions, comments, flames, or concerns feel free to email me at
<insert public address here>
The goal of this little bit is so anyone can read it, and get a general
clue. If you don't understand a word, google it. That's how you learn in
this field.
1. Firewalls
Firewalls are the first line of defense (of hopefully many) you have
against hackers. When I refer to hackers, I mean someone trying to do
something to your data that they shouldn't be. This could be someone in
the internet or someone in your own building. When a program needs to
talk to another computer, it uses "ports" to communicate. There are many
ports commonly used to communicate. A mail server usually has port 25
open, a web server usually has port 80 open, IMAP and POP3 (these two
services are common methods of getting your email and putting it on your
desktop) run on port 143 and 110. As an administrator, your job is to
choose what people can and can not do. The most suggestive method is to
deny everything, and allow only what you need. What this means, is lets
assume you only want your people to only be able to surf the internet.
You would only allow port 80 (there is another port for secure HTTP
protocol, but right now we are just going basic). This means that there
browser, Internet Explorer usually, but anything else will not such as
FTP, or email. This method is preferred becuase a user could install
something on there machine and that machine could try to send data to
someone outside of your network, assuming your firewall is setup to
block everything excepyt certain ports, this would hopefully stop that
machine from going outside and if you logging level is turn high enough,
you will get reports of someone trying to do something they weren't
supposed to. IPTables, Microsoft ISA Server, and ZoneAlarm are three
different firewalls with the same goal. IPTables is used in Linux, MS
ISA Server and ZoneAlarm are used on Windows. ZoneAlarm is good to use
for personal use but not for business use becuase it rely's on the user
to answer the questions. I, personally, suggest using Microsoft ISA
Server or one of the Linux firewalls (IPChains, IPTables, etc) becuase
of how stout they are. If you are cheap, then go the Linux solution, if
you have money to spare (or have to use Windows) then I suggest MS ISA
Server. MS ISA server is signifigantly easier to setup than the Linux
solutions, or at least that has been my experiance. If you plan on
hosting your own email, website, or anything connected to the internet,
I would always have a firewall on that computer. It's commonly suggested
to have a firewall directly connected to the internet and have another
computer behind that firewall which hosts your services, with the logic
that if something happens to your firewall the computer behind it is OK
or at least has a greater chance of being OK.
---------
Kenny Mann
Other related posts:
