DaemonForums  

#1  Ungenious, 29th November 2008
Is this secure?

Today I'm using a NetGear router/firewall to secure my LAN. On the inside I have a number of clients and a fileserver which I access via SSH.

I am planning to reduce the pile of equipment and save some energy at the same time. To achieve this I am thinking about having one single machine hosting both firewall and fileserver.

Using OpenBSD with PF and two network adapters this is of course technically possible, but is the solution as secure as my current setup? I do not doubt that OpenBSD/PF is able to do a job even better than NetGear (if I set it up correctly) but what about having SSH-access from Internet directly into my firewall?

#2  ivanatora, 29th November 2008

Two machines = two different systems to break in for a potential attacker. Even if your gateway becomes compromised, your file server will survive.
One machine = two different users to break in. For some people it is equal to the previous scenario, but IMHO breaking in a local user using some sort of local exploit is a hundred times easier than to attack a new system.
So using one machine is not as secure as using two machines. But it is cheaper and simpler. So it is up to you to decide if you need such a high level of security. For a home/neighbourhood network I'd prefer one machine in order to reduce cost.

#3  BSDfan666, 29th November 2008

Quote:
Originally Posted by Ungenious
Using OpenBSD with PF and two network adapters this is of course technically possible, but is the solution as secure as my current setup? I do not doubt that OpenBSD/PF is able to do a job even better than NetGear (if I set it up correctly) but what about having SSH-access from Internet directly into my firewall?

What about it? Unless you have someone who needs to connect to your SSH server.. listen on your NAT address only.

#4  Ungenious, 30th November 2008

Thanks both of you!

BSDfan666: I need to access my fileserver from outside home, consequently the firewall would end up with a door to the outside world.

#5  BSDfan666, 30th November 2008

Quote:
Originally Posted by Ungenious
Thanks both of you!

BSDfan666: I need to access my fileserver from outside home, consequently the firewall would end up with a door to the outside world.

Well.. if the remote location is static.. you could add a permanent rule to allow access from there.

If not, then.. disable password authentication and then use a public key approach.

Note: security through obscurity is always frowned upon.. but you could use an alternate port.. weed out some automated bots.
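
A check for the sshd_config settings suggested in post #5, as an added example that is not part of the thread: it reads the global section of a config and reports whether password logins are really off, whether public keys are on, and whether the default port is in use. The keyboard-interactive check goes beyond the posts (that method can also prompt for a password), and the two sample configs are constructed.

```python
import re

# Values sshd uses when a keyword is absent (OpenSSH defaults).
DEFAULTS = {"port": ["22"], "passwordauthentication": ["yes"],
            "kbdinteractiveauthentication": ["yes"], "pubkeyauthentication": ["yes"]}
# Older configs use this name for the keyboard-interactive switch.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_global(text):
    """Collect keyword -> [values] for the global section (before any Match block)."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())  # keywords are case-insensitive
        if key == "match":
            break  # Match blocks are conditional overrides; not evaluated here
        seen.setdefault(key, []).append(parts[1] if len(parts) > 1 else "")
    return {**DEFAULTS, **seen}

def audit(text):
    """Return findings for the settings recommended in post #5."""
    cfg = parse_global(text)
    first = lambda k: cfg[k][0]  # for single-valued keywords sshd keeps the first value
    findings = []
    if first("passwordauthentication") != "no":
        findings.append("password authentication is enabled")
    if first("kbdinteractiveauthentication") != "no":
        findings.append("keyboard-interactive is enabled and can still ask for a password")
    if first("pubkeyauthentication") != "yes":
        findings.append("public key authentication is disabled")
    if "22" in cfg["port"]:
        findings.append("note: listening on the default port 22")
    return findings

# Constructed sample configs, not taken from the thread.
WEAK = "Port 22\n#PasswordAuthentication no\nPubkeyAuthentication yes\n"
HARDENED = ("Port 2222\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\nPubkeyAuthentication yes\n")

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample) or "no findings")
```

A commented-out `PasswordAuthentication no` line, as in the weak sample, leaves the default in force, which is why the check works from effective values rather than searching the file for the string.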
Content copyright © 2007-2010, the authors