Security is a major problem with any system connected to the Internet - perhaps the best advice is to be paranoid! Security should be a major topic of its own, not a side-issue for a discussion such as this one. But...
There are a few things one can do to minimize the risks. First, look at your log files, looking for strange activity. At first, it will all be pretty strange, but you will learn what is normal for your site.
Second, follow security news groups, subscribe to security mailing lists, or learn a few security related web sites.
Third, keep your software up to date. If you see a new revision of one of your software packages is available, at least check to see if the changes are security related.
Fourth (and this one lets you feel like you are actually doing something), learn about tcp wrapper. It is installed on all Linux distributions (that I am aware of), so it is putting entries in your system logs, but it can also be used to deny access to specific features from some or all hosts. You might consider denial of telnet access for all but your local hosts. If your web and ftp servers are at your ISP, deny external access to those services.
For 'real' security, you would not set up a system such as I have just described. You would really want the gateway system to do the minimum possible. DNS should be run on another system. Mail should be forwarded pretty much untouched to an internal system. Samba should not be run on the gateway machine, but on an internal machine. You should not allow most of the services defined in /etc/inetd.conf to run - comment them all out except the ones you know you need. Add them back as you discover that they are really needed after all.
Note that I am not providing any examples of security-related config files. Not only do I not consider myself knowledgable enough to provide examples that would probable make you safe, I don't want to expose deficiencies in my own setup.
Before you get too carried away with security, consider the trade-off between security and convenience. Also consider the value of what you have to lose. If this system is protecting the future of your entire company, be much more concerned than if the only down side of being invaded is the 'opportunity' to re install.
Index,
Previous,
Copyright ©, 1997, Ben Spade. Permission is given to copy or link to this document, as long as this notice remains intact.