Enterprise open source firewall appliance software!

February 14, 2008 | 1 Comment

I needed to set up a content filtering firewall a few weeks ago for an office of about 50 people. The existing firewall was a Sonicwall Pro 4060, which is a very solid firewall and is more than adequate for 50 computers. Sonicwall also has a content filter application that installs on the Pro 4060. The drawback to using Sonicwall's filter is the price. Their filter is billed on a recurring yearly subscription and would cost about $2,000 per year to use. $2,000 per year was far beyond the budget for such a project, so I went to look for an open source or lower cost setup, hopefully without any annual fee. My first thought was a custom Linux-Debian computer made only to function as a firewall. After some research and a few recommendations, I found a great out-of-the-box Linux operating system, Untangle, that is designed specifically for dedicated firewall applications. This was a much better solution than custom configuring a Linux server.

The following is a quick guide on how to set up an Enterprise-class firewall for a small to medium sized business. How well your firewall performs depends on the hardware that you use, but if you copied the specs of the one that I set up, it should easily handle 100+ computers and servers.

Tyan transport GS14


Spam-proof your dedicated server!

November 13, 2007 | 1 Comment

I wrote about a great cpanel firewall add-on that I found a while back.

The same company that designed ConfigServer Firewall has two security packages that are designed to help maintain a cpanel/whm dedicated server.

I recently purchased the "cPanel Service Package + MailScanner" package for one of the servers that I manage.

Here's what you get for $125:

  • iptables SPI firewall (csf)
  • Login failure detection (lfd)
  • Stop unnecessary processes
  • Logcheck
  • Logwatch
  • WHM configuration check
  • OpenSSH configuration check
  • Install and configure Rootkit Hunter
  • Install and configure Chkrootkit
  • install mod_security
  • Host spoof protection
  • Operating System check
  • Name server configuration check
  • Disk check
  • Kernel check
  • Apache tune and check ***
  • MySQL tune and check
  • Enhanced log rotation
  • Day of the week backup rotations
  • Secure /tmp /var/tmp /dev/shm
  • Install and configure ConfigServer Explorer (cse)
  • Install and configure ConfigServer Mail Queues (cmq)
  • Install and configure ConfigServer Mail Manage (cmm)
  • Perl installation check
  • Delete unnecessary OS users
  • Disable open DNS recursion
  • Enhance path protection
  • Remove SUID/GUID from binaries
  • PHP hardening
  • Exploit check
  • Disable vulnerable phpBB installs
  • Initial cPanel configuration
  • Enhance MailMan performance
  • Install MRTG graphs
  • MailScanner Server service
  • One week of informational tickets

While this is all great, what really caught my attention was the improvement with the email that the server was handling.

cPanel Security

September 19, 2007 | 3 Comments

This is a little plugin that I came across today. Nothing new, but after using it, there's no way I would set up a cpanel/whm server without it.

ConfigServer Security & Firewall (csf)

This is essentially an extension of the iptables firewall that integrates with a nice GUI in the WHM interface. It makes configuring the server's firewall a snap, and also suggests other security fixes based on how your server is set up.

The installation took about 5 minutes to complete and another half hour to fully configure. You will need ssh or other shell access to install it on a server. This is an absolute necessity for any server. I only wish I would have found it a long time ago, as it is a huge time-saver.

Internet Explorer (Auto Complete) stores your passwords unencrypted!

May 22, 2007 | 7 Comments

When you check the auto-complete option in Windows Internet Explorer, you have just opened yourself up to a mess of potential problems. Internet Explorer stores all of the user names and passwords that you tell it to learn in a single flat file that is unencrypted and can be easily read by a variety of programs.


Ecommerce How-to List for Do-it-yourself'ers

May 16, 2007 | 2 Comments

Following a post from Matt Cutts, I have been collecting how-tos every time I come across one that I use. I have about 900 saved up now, in just about every area imaginable.

There are so many how-to guides that people need for running their ecommerce websites. With that in mind, this is a list of very useful how-tos related to ecommerce. Hopefully this post will be a good resource for site owners and those looking to get into ecommerce. Topics include everything from setting up a web server and marketing to integrating a website with a payment gateway.


Website Security Auditing

February 5, 2007 | 2 Comments

Security

I purchased a security scan and audit for my main website this past week. The scan was done by a company called Acunetix.

Basically, a security scan is a scan done by another server that attempts to exploit known vulnerabilities in a website's code and programming.

If you run an ecommerce website, I highly recommend getting a scan like this, even if you already do a PCI / CISP scan on a regular basis. This was a complete eye opener for me.
