volkan Posted December 14, 2003 Share Posted December 14, 2003 I wanna configure a pc for all my Network services, So this is gonna be one of my most important boxes i have. I don't care about anything but security and stability. What would be the best disto? I don't wanna put a lot time in a setup only to find out i could have chosen a different distro that's better. Have been thinking about OpenBSD/NetBSD, but never worked with BSD distros. i have a little linux knowledge but i know my networking. The rest i'll figure out :p Tips, ideas, recommendations??? Link to comment Share on other sites More sharing options...
FBody24 Posted December 14, 2003 Share Posted December 14, 2003 I'd vote for OpenBSD. VERY secure by default. What kinds of network services are you going to be running? Link to comment Share on other sites More sharing options...
+BudMan MVC Posted December 14, 2003 MVC Share Posted December 14, 2003 OpenBSD would also get my vote, if looking for a secure system - right out of the gate ;) With min config, etc.. Link to comment Share on other sites More sharing options...
DreamweaverN Posted December 14, 2003 Share Posted December 14, 2003 OpenBSD is where it's at for security I hear. Link to comment Share on other sites More sharing options...
coats Posted December 14, 2003 Share Posted December 14, 2003 Easy. Just go with the least popular distro, and noone will wanna hack it. Link to comment Share on other sites More sharing options...
volkan Posted December 14, 2003 Author Share Posted December 14, 2003 DNS for my domain name, DHCP for local network, router and firewall. I don't know if it's wise to have them all the same box from a security point of view. But it is cheaper. Eventually it's still a home network. As for hardware, what would be a recommended configuration? Link to comment Share on other sites More sharing options...
UKer Posted December 14, 2003 Share Posted December 14, 2003 I'de buy an old PC and use smoothwall with it (http://www.smoothwall.org/), it's very easy to set up and has all the features of an expensive router, if you need them. Link to comment Share on other sites More sharing options...
aldo Posted December 14, 2003 Share Posted December 14, 2003 Just spend about $50 on a cheap router... you will save a hell of a lot in electricity costs. Virtually every router I've seen does DHCP, DNS relays (very little point in caching DNS requests for a home network), routes (obviously) and most have a good firewall built in. You can also get linksys routers which are hackable (from the internal network) easily (they run linux) and you can do anything you'd want to do with a normal linux box really... Link to comment Share on other sites More sharing options...
FBody24 Posted December 14, 2003 Share Posted December 14, 2003 Is the DNS for an externally accessable domain? If just for internal home networking of a few machines its not really needed ( I run one just because geekpoints++ :p ). As for hardware, the services you'll be running won't really be taxing the system so whatever you have handy will probably work just fine. As for the question of a SOHO (linksys, etc.) type router vs. your own machine. Thats really up to you. The initial setup for a Linksys is very simple, but once configured both options are fairly maintenance free. As a side note, if you care, Linksys/Cisco have been running afoul of the GPL with their use of Linux. More info on that here. Link to comment Share on other sites More sharing options...
radixvir Posted December 15, 2003 Share Posted December 15, 2003 ya i agree about the router but it wont do dns obviously. openbsd is built for security so thats what i would go with. ive never used openbsd but freebsd wasnt hard to setup. just make sure you dont enable ssh other than on the local lan Link to comment Share on other sites More sharing options...
Pink Floyd Veteran Posted December 15, 2003 Veteran Share Posted December 15, 2003 hey guys, why OpenBSD 3.4 is only 138mb and there is no ISO format? I've compared with FreeBSD 5.2 beta which is 2 cd iso of 297 and 250mb Link to comment Share on other sites More sharing options...
the evn show Posted December 15, 2003 Share Posted December 15, 2003 In addition to using openbsd, go for an un-common architecture for you hardware (ie: an old sparc machine, or PPC system). The majority of script kiddies out there are on x86 and have never seen anything else. Any binary exploits they try to use will bounce off harmlessly. Obviously anyone who knows what they're doing won't be disuaded - but you can only do so much. IIRC x86-64 offers execute bit per page in the MMU (so you can flag portions of code 'read/write but don't run' which adds some security against buffer overflow type attacks: that's a good thing Link to comment Share on other sites More sharing options...
volkan Posted December 15, 2003 Author Share Posted December 15, 2003 This is good stuff guys, Thanx. One more thing, is it safe to have an DNS for an externally accessable domain, the DHCP for internal use and the firewall on the same machine? If not, what should i take to another machine? Link to comment Share on other sites More sharing options...
Daem0hn Posted December 15, 2003 Share Posted December 15, 2003 OpenBSD banned from being developed or making sales from within the US because it was so secure, the US military was scared terrorists could use it for something or another i vote OpenBSD Link to comment Share on other sites More sharing options...
Recommended Posts