Re: [cobalt-users] Security/Firewall advice
- Subject: Re: [cobalt-users] Security/Firewall advice
- From: sm <sm@xxxxxxxxxxxx>
- Date: Sun Jul 21 17:26:48 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hi Paul,
At 14:53 19-07-2002 +0100, Paul Shuttleworth wrote:
>As a newbie myself I WILL risk the flames and the wrath of the group and ask
>a question!!! ;-)
Flame: You have set the email priority as High. I wonder why. :-)
>I have just put our RAQ4r in with the co-lo yesterday and all is well with
>the world (well it will be as soon as I have persuaded my firewall to let me
>SSH from my machine to the box... but that's my problem) anyway, I have set
>up portsentry and ip chains ready to implement and configure. Whilst talking
>to the techie at my co-lo it seems they run a firewall on the incoming side
>of their network, the only ports they have open by default are
>80,20,21,22,110,25 I have asked them to open 81 also for admin. My question
>is should I still set up portsentry/ipchains to help prevent attacks ? ( I
>could still get attacked from within right?) and also can anyone see any
>other ports that would be a good idea to ask them to open up ( I read some
>posts on ipchains requiring port 53?) any advice appreciated.
As it is a co-lo, it is better to have your own firewall as well, as you
don't know what your neighbors are up to. Even if your provider is running
their own firewall, it helps to protect yourself twice.
You will have to open port 53 for DNS. If your provider is doing DNS
hosting for you, there is no need to ask them to open port 53. If you are
running your own DNS server, you will have to ask them to open port 53 for
you.
Regards,
-sm