I want security, the best kind



I wanna configure a PC for all my network services, so this is gonna be one of the most important boxes I have.

I don't care about anything but security and stability. What would be the best distro? I don't wanna put a lot of time in a setup only to find out I could have chosen a different distro that's better.

Have been thinking about OpenBSD/NetBSD, but never worked with BSD distros. I have a little Linux knowledge but I know my networking. The rest I'll figure out :p

Tips, ideas, recommendations???


OpenBSD would also get my vote, if looking for a secure system - right out of the gate ;) With min config, etc..


DNS for my domain name, DHCP for local network, router and firewall.

I don't know if it's wise to have them all on the same box from a security point of view. But it is cheaper. Eventually it's still a home network.

As for hardware, what would be a recommended configuration?


Just spend about $50 on a cheap router... you will save a hell of a lot in electricity costs.

Virtually every router I've seen does DHCP, DNS relays (very little point in caching DNS requests for a home network), routes (obviously) and most have a good firewall built in.

You can also get Linksys routers which are hackable (from the internal network) easily (they run Linux) and you can do anything you'd want to do with a normal Linux box really...


Is the DNS for an externally accessible domain? If just for internal home networking of a few machines it's not really needed (I run one just because geekpoints++ :p).

As for hardware, the services you'll be running won't really be taxing the system so whatever you have handy will probably work just fine.

As for the question of a SOHO (Linksys, etc.) type router vs. your own machine, that's really up to you. The initial setup for a Linksys is very simple, but once configured both options are fairly maintenance free.

As a side note, if you care, Linksys/Cisco have been running afoul of the GPL with their use of Linux.

More info on that here.


Ya, I agree about the router, but it won't do DNS obviously. OpenBSD is built for security so that's what I would go with. I've never used OpenBSD but FreeBSD wasn't hard to set up. Just make sure you don't enable SSH other than on the local LAN.


In addition to using OpenBSD, go for an uncommon architecture for your hardware (i.e. an old SPARC machine, or PPC system). The majority of script kiddies out there are on x86 and have never seen anything else. Any binary exploits they try to use will bounce off harmlessly. Obviously anyone who knows what they're doing won't be dissuaded - but you can only do so much.

IIRC x86-64 offers an execute bit per page in the MMU (so you can flag portions of code 'read/write but don't run'), which adds some security against buffer overflow type attacks: that's a good thing.


This is good stuff guys, thanks.

One more thing, is it safe to have a DNS for an externally accessible domain, the DHCP for internal use and the firewall on the same machine?

If not, what should I take to another machine?
