Log Server Analysis

In April of 2002 I went to work for the University of Auckland in New Zealand. One of my first jobs was to create a syslog infrastructure. After examining many different products we decided to select syslog-ng. The primary reason for choosing syslog-ng was that it allowed us to create a directory per host and log facility, with new subdirectories created automatically based on the date. Our directory structure looks…

Server based firewalling under Linux

Whenever you run a public service on a computer there is always a chance that it may get compromised. If this happens, an attacker can start doing things like attacking other systems, pulling down software to run on your system, copying off various config files, running a shell to connect to, and so on. What if you could ensure that, even if your system was compromised, the attacker could neither start up other processes to accept inbound connections nor start up other outbound connections?

Host based firewalling under Linux

It seems that more and more people are now using Linux for their desktop machines. While I think that using Linux on the desktop is great, it also means that many end users may be exposing themselves to a good many attacks while out on the internet. It is therefore important to ensure that these end users are as well protected as possible while connected to a generally unprotected and sometimes hostile network. The other major consideration is to keep the firewalling on the user's machine liberal enough to allow the end user the freedom to perform their work.