Solved

Suggestion for Protecting Internet Gateway

Posted on 2002-05-20
Last Modified: 2013-12-15
Dear All,
I am basically an NT Admin switched over to Linux.
Recently (Feb'2002), I converted my office network from Winnt Domain Network to Linux.

     i) Winnt PDC replaced with SAMBA on Redhat Linux 7.2
     ii) Msproxy 2.0 replaced with Squid HTTP Proxy on RH 7.2
     iii) Oracle 8i on NT replaced with Oracle 8i on Redhat Linux 7.2

Everything is working smoothly with maximum load.

My Internet Gateway is running on Redhat Linux 7.2 and I am using ISDN 64k Dialup Service to connect my office to the internet. All the clients (win9x, NT Workstation 4.0) are connected to the Internet through SQUID Proxy.

Right now my internet gateway is not protected with any antivirus software. So, I am getting all Internet Worms like w32@NIMDA.eml, w3@Klez.h, etc.

Moreover, my Samba log folder (/var/log/samba) on the Internet Gateway shows some computer logs which do not exist in my network. Moreover, the size of the log file is 0k. All the client systems have Mcafee Antivirus software. So, somehow I am managing my network from virus attack.

My question is

1) Which is the best antivirus software for protecting my network? Is there any free software available for the same? (As of the current financial situation my company doesn't have enough funds for buying the same.) I can buy some commercial editions after 3 or 4 months only. So, pls recommend some good free stuff available on the Net?

2) I want to check who are all accessing my system, how they are accessing my resources, etc. (like security auditing in Winnt).

3) Moreover, my Technical Support Team uses MSN Messenger Service and Yahoo Messenger Service to communicate with the clients in the different parts of the country. The problem is MSN Messenger is getting disconnected once every 2 minutes. How to prevent frequent disconnection of MSN Messenger Service in SQUID Proxy of Redhat Linux 7.2?

With Advanced Thanks


P.L. Kannan



3) Whether my system is protected with

 
Question by:Kannanpl
11 Comments
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 75 total points
ID: 7022120
First off, I noticed that you entered this question twice, so you might want to go and delete one of them.

Meanwhile...

1.  There are lots of A/V solutions out there, but I'm not directly familiar with any free ones for Linux.  I got the following pointers by searching for 'free antivirus linux' on google, however:
http://www.homenethelp.com/web/howto/free-antivirus.asp
http://www.learninglinux.com/article.php?sid=77
http://www.freebyte.com/antivirus/

2.  There are various auditing and logging functions in Linux, Samba, Squid, etc.  For Linux stuff, you should look at the Center for Internet Security Linux Benchmark (http://www.cisecurity.org/).  For Samba stuff, how to turn on maximal logging should be obvious in the admin GUI.  I haven't used Squid, so I won't comment there.

3.  I haven't used Squid, so I can't help out too much here, but I'm guessing this happens when the session has been idle.  You might want to look in the docs/FAQ's for related info.
0
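The unfamiliar machine names the question reports under /var/log/samba can be checked mechanically against a list of known hosts. This is an added example, not part of the thread: it assumes Samba writes one log file per client (the `%m` substitution in `log file`), named `log.<machine>` or `<machine>.log`; the inventory file, function names and sample hosts are constructed.

```shell
#!/bin/sh
# Added example: report Samba per-client log files whose machine name is not
# in an inventory of known hosts. Assumes per-machine logs (log file uses %m).

# unknown_samba_clients LOGDIR INVENTORY
# INVENTORY holds one machine name per line; '#' starts a comment.
# Prints "<machine> <size-in-bytes> <file>" for every client not listed.
unknown_samba_clients() {
    logdir=$1 inventory=$2
    for f in "$logdir"/*; do
        [ -f "$f" ] || continue
        base=${f##*/}
        case $base in
            log.smbd|log.nmbd|smbd.log|nmbd.log) continue ;;  # daemon logs
            *.old|*.gz) continue ;;                           # rotated copies
            log.*) name=${base#log.} ;;
            *.log) name=${base%.log} ;;
            *) continue ;;
        esac
        # NetBIOS names are case-insensitive, so compare in lower case.
        lname=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        if ! sed 's/#.*//' "$inventory" | tr 'A-Z' 'a-z' | tr -d ' \t\r' |
                grep -Fxq -- "$lname"; then
            size=$(wc -c < "$f" | tr -d ' ')
            printf '%s %s %s\n' "$name" "$size" "$f"
        fi
    done
}

# Constructed sample: two office PCs, the smbd daemon log, and one empty log
# for a machine name that is not in the inventory.
demo_unknown_samba_clients() {
    d=$(mktemp -d) || return 1
    mkdir "$d/logs"
    : > "$d/logs/log.smbd"
    : > "$d/logs/log.acct-pc1"
    : > "$d/logs/log.WKSTN7"
    : > "$d/logs/log.xyzhost"
    printf '# office PCs\nACCT-PC1\nwkstn7\n' > "$d/inv"
    result=$(unknown_samba_clients "$d/logs" "$d/inv")
    rm -rf "$d"
    printf '%s\n' "$result"
}

demo_unknown_samba_clients
```

A name reported here means a client with that name reached smbd on the gateway, which is a reason to check which interfaces Samba is reachable on.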
 

Author Comment

by:Kannanpl
ID: 7026284
Hi chris calabrese,

Thanks for the useful information. Especially the website cissecurity.com is useful for me. I started exploring the same and will be implementing the Linux Benchmark 1.0 document at my server. Once again Thanks

P.L. Kannan

0
 

Author Comment

by:Kannanpl
ID: 7026289

Hi all
Still I need more info. for my query.  Any valuable suggestion is invited.

Kannan
0
 
LVL 3

Assisted Solution

by:DVB
DVB earned 75 total points
ID: 7101399
Use a transparent NAT for the IM clients, and remove the proxy from their config. (Iptables|ipchains HOWTOs give a simple NAT config).

If you are NATing, then the worms should not bother you much. Just hide the samba shares from the internet (all file shares actually). A simple firewall should do that.

Run syslogd, and read your logs. /var/log has all the files you need. Just ensure that logging is on.

Again, you might want to install a Jabber server internally and use that for IM.
0
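A ruleset along the lines DVB describes (NAT for the LAN clients, file sharing hidden from the Internet side, probes sent to syslog), as an added example that is not from the thread. The interface names `ippp0` (ISDN) and `eth0`, the LAN range and the `SMB-EXT:` log prefix are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a dial-up NAT gateway.
# Interface names, LAN range and log prefix are assumptions; adjust per site.

# gateway_rules EXT_IF LAN_IF LAN_NET
gateway_rules() {
    ext=$1 lan=$2 net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# LAN traffic (IM clients included) leaves with the gateway's own address.
-A POSTROUTING -s $net -o $ext -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Only LAN clients may reach Samba, Squid and other gateway services.
-A INPUT -i $lan -s $net -j ACCEPT
# Log (rate-limited, via syslog) file-sharing probes from the Internet side.
-A INPUT -i $ext -p tcp -m multiport --dports 135,139,445 -m limit --limit 6/min -j LOG --log-prefix "SMB-EXT: "
-A INPUT -i $ext -p udp --dport 137:138 -m limit --limit 6/min -j LOG --log-prefix "SMB-EXT: "
-A INPUT -i $ext -j DROP
# Forward LAN-originated connections out; let only their replies back in.
-A FORWARD -i $lan -o $ext -s $net -j ACCEPT
-A FORWARD -i $ext -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset; arguments override the assumed defaults.
gateway_rules "${1:-ippp0}" "${2:-eth0}" "${3:-192.168.1.0/24}"
```

Pipe the output into `iptables-restore` as root and enable `net.ipv4.ip_forward` for the NAT to take effect. The logged probes then appear in the kernel messages under /var/log with the chosen prefix.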
 
LVL 3

Expert Comment

by:DVB
ID: 7101400
Use a transparent NAT for the IM clients, and remove the proxy from their config. (Iptables|ipchains HOWTOs give a simple NAT config).

If you are NATing, then the worms should not bother you much. Just hide the samba shares from the internet (all file shares actually). A simple firewall should do that.

Run syslogd, and read your logs. /var/log has all the files you need. Just ensure that logging is on.

Again, you might want to install a Jabber server internally and use that for IM.
0
 
LVL 3

Expert Comment

by:DVB
ID: 7101401
Ack, sorry for the double post. Bad connection.
0
 

Expert Comment

by:CleanupPing
ID: 9077008
Kannanpl:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 1

Expert Comment

by:drewber
ID: 9220376
This question has been classified abandoned. I will make a recommendation to the moderators on its resolution in a week or two. I appreciate any comments that would help me to make a recommendation.
 

Unless it is clear to me that the question has been answered I will recommend delete. It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.

 
If the user does not know how to close the question, the options are here:
http://www.experts-exchange.com/help/closing.jsp
 
drewber
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 9223782
Split the points between myself and DVB
0
 
LVL 12

Expert Comment

by:paullamhkg
ID: 10380064
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Split: chris_calabrese {http:#7022120} & DVB {http:#7101399}

Please leave any comments here within the next four days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

paullamhkg
EE Cleanup Volunteer
0
