Solved

Suggestion for Protecting Internet Gateway

Posted on 2002-05-20
Last Modified: 2013-12-15
Dear All,
I am basically an NT admin who switched over to Linux.
Recently (Feb 2002), I converted my office network from a WinNT domain network to Linux.

i) WinNT PDC replaced with Samba on Red Hat Linux 7.2
ii) MS Proxy 2.0 replaced with Squid HTTP proxy on RH 7.2
iii) Oracle 8i on NT replaced with Oracle 8i on Red Hat Linux 7.2

Everything is working smoothly with maximum load.

My Internet gateway is running on Red Hat Linux 7.2 and I am using an ISDN 64k dial-up service to connect my office to the Internet. All the clients (Win9x, NT Workstation 4.0) are connected to the Internet through the Squid proxy.

Right now my Internet gateway is not protected with any antivirus software. So, I am getting all the Internet worms like w32@NIMDA.eml, w3@Klez.h, etc.

Moreover, my Samba log folder (/var/log/samba) on the Internet gateway shows logs for some computers which do not exist in my network. Moreover, the size of the log file is 0k. All the client systems have McAfee antivirus software. So, somehow I am managing my network from virus attack.

My questions are:

1) Which is the best antivirus software for protecting my network? Is there any free software available for the same? (Given the current financial situation, my company doesn't have enough funds for buying the same.) I can buy some commercial editions after 3 or 4 months only. So, pls recommend some good free stuff available on the Net.

2) I want to check who all are accessing my system, how they are accessing my resources, etc. (like security auditing in WinNT).

3) Moreover, my Technical Support Team uses MSN Messenger Service and Yahoo Messenger Service to communicate with the clients in different parts of the country. The problem is that MSN Messenger is getting disconnected once every 2 minutes. How to prevent frequent disconnection of MSN Messenger Service in the Squid proxy on Red Hat Linux 7.2?

With Advanced Thanks


P.L. Kannan



3) Whether my system is protected with

 
Question by:Kannanpl
11 Comments
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 75 total points
ID: 7022120
First off, I noticed that you entered this question twice, so you might want to go and delete one of them.

Meanwhile...

1.  There are lots of A/V solutions out there, but I'm not directly familiar with any free ones for Linux.  I got the following pointers by searching for 'free antivirus linux' on Google, however:
http://www.homenethelp.com/web/howto/free-antivirus.asp
http://www.learninglinux.com/article.php?sid=77
http://www.freebyte.com/antivirus/

2.  There are various auditing and logging functions in Linux, Samba, Squid, etc.  For Linux stuff, you should look at the Center for Internet Security Linux Benchmark (http://www.cisecurity.org/).  For Samba stuff, how to turn on maximal logging should be obvious in the admin GUI.  I haven't used Squid, so I won't comment there.

3.  I haven't used Squid, so I can't help out too much here, but I'm guessing this happens when the session has been idle.  You might want to look in the docs/FAQs for related info.
0
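Added example, not part of the answer above or of the original thread: one way to follow up on the unexpected machine names the question reports under /var/log/samba is to compare the per-client log files against a list of known PCs. It assumes Samba writes one log per client (`log file = /var/log/samba/%m.log` in smb.conf); the inventory file, the function names and the sample files are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes smb.conf uses a per-client log
# file: "log file = /var/log/samba/%m.log" (%m = client machine name).

# Print "<client> <bytes>" for every per-client log whose name is not in the
# inventory file (one machine name per line, compared case-insensitively).
unknown_samba_clients() {
    logdir=$1 inventory=$2
    for f in "$logdir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in
            smbd.log|nmbd.log) continue ;;      # daemon logs, not clients
            *.log) client=${name%.log} ;;
            *) continue ;;                      # rotated copies and other files
        esac
        # -F: literal match (names may be IP addresses), -x: whole line
        grep -qixF -- "$client" "$inventory" && continue
        printf '%s %s\n' "$client" "$(wc -c < "$f" | tr -d ' ')"
    done
}

# Constructed sample: two known PCs plus one unknown name with an empty log,
# mirroring the 0k files described in the question.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/samba"
    printf 'pc-accounts\npc-support\n' > "$d/inventory.txt"
    echo 'constructed log line' > "$d/samba/pc-accounts.log"
    echo 'constructed log line' > "$d/samba/PC-SUPPORT.log"
    : > "$d/samba/stranger01.log"
    : > "$d/samba/smbd.log"
    : > "$d/samba/pc-accounts.log.1"
    unknown_samba_clients "$d/samba" "$d/inventory.txt"
    rm -rf "$d"
}

demo
```

On the real gateway the call would be `unknown_samba_clients /var/log/samba /etc/samba/known-pcs.txt`, where the second path is a hypothetical list you maintain yourself.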
 

Author Comment

by:Kannanpl
ID: 7026284
Hi chris calabrese,

Thanks for the useful information. Especially the website cissecurity.com is useful for me. I started exploring the same and will be implementing the Linux Benchmark 1.0 document at my server. Once again, thanks.

P.L. Kannan

0
 

Author Comment

by:Kannanpl
ID: 7026289

Hi all
Still I need more info. for my query.  Any valuable suggestion is invited.

Kannan
0
 
LVL 3

Assisted Solution

by:DVB
DVB earned 75 total points
ID: 7101399
Use a transparent NAT for the IM clients, and remove the proxy from their config. (Iptables|ipchains HOWTOs give a simple NAT config).

If you are NATing, then the worms should not bother you much. Just hide the samba shares from the internet (all file shares actually). A simple firewall should do that.

Run syslogd, and read your logs. /var/log has all the files you need. Just ensure that logging is on.

Again, you might want to install a Jabber server internally and use that for IM.
0
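Added example, not part of DVB's post or of the original thread: the NAT and firewall advice above could look like this on the gateway. The names and values are assumptions (ippp0 as the ISDN uplink, eth0 as the office LAN on 192.168.1.0/24, TCP 1863 for MSN and 5050 for Yahoo Messenger). Only IM and DNS traffic is forwarded around Squid, and NetBIOS/SMB arriving from the Internet side is logged and dropped.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: ippp0 = ISDN uplink,
# eth0 = office LAN, 192.168.1.0/24 = LAN range, 1863/5050 = MSN/Yahoo ports.

# Print the rule set for review; pipe the output to `sh` as root to load it.
# Arguments: <uplink-if> <lan-if> <lan-net> [comma-separated IM ports]
gateway_rules() {
    ext_if=$1 lan_if=$2 lan_net=$3 im_ports=${4:-1863,5050}
    cat <<EOF
# Start clean and drop everything that is not explicitly allowed.
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
# The gateway itself: loopback, LAN clients (Squid, Samba), replies to its own traffic.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $lan_if -s $lan_net -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# File-sharing ports probed from the uplink: record (rate-limited), then the policy drops them.
iptables -A INPUT -i $ext_if -p tcp -m multiport --dports 139,445 -m limit --limit 6/minute -j LOG --log-prefix "SMB-FROM-NET: "
iptables -A INPUT -i $ext_if -p udp --dport 137:138 -m limit --limit 6/minute -j LOG --log-prefix "SMB-FROM-NET: "
# Only IM and DNS bypass the proxy; web traffic still has to go through Squid.
iptables -A FORWARD -i $lan_if -o $ext_if -s $lan_net -p tcp -m multiport --dports $im_ports -j ACCEPT
iptables -A FORWARD -i $lan_if -o $ext_if -s $lan_net -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i $ext_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
# Hide the LAN behind the uplink address and enable routing.
iptables -t nat -A POSTROUTING -o $ext_if -s $lan_net -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Dry run with the assumed interface names: prints the rules, changes nothing.
gateway_rules ippp0 eth0 192.168.1.0/24
```

The logged attempts appear in the kernel log with the `SMB-FROM-NET:` prefix, which gives the syslog review DVB recommends something concrete to search for.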
 
LVL 3

Expert Comment

by:DVB
ID: 7101400
Use a transparent NAT for the IM clients, and remove the proxy from their config. (Iptables|ipchains HOWTOs give a simple NAT config).

If you are NATing, then the worms should not bother you much. Just hide the samba shares from the internet (all file shares actually). A simple firewall should do that.

Run syslogd, and read your logs. /var/log has all the files you need. Just ensure that logging is on.

Again, you might want to install a Jabber server internally and use that for IM.
0
 
LVL 3

Expert Comment

by:DVB
ID: 7101401
Ack, sorry for the double post. Bad connection.
0
 

Expert Comment

by:CleanupPing
ID: 9077008
Kannanpl:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 1

Expert Comment

by:drewber
ID: 9220376
This question has been classified abandoned. I will make a recommendation to the moderators on its resolution in a week or two. I appreciate any comments that would help me to make a recommendation.
 

Unless it is clear to me that the question has been answered I will recommend delete. It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.

 
If the user does not know how to close the question, the options are here:
http://www.experts-exchange.com/help/closing.jsp
 
drewber
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 9223782
Split the points between myself and DVB
0
 
LVL 12

Expert Comment

by:paullamhkg
ID: 10380064
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Split: chris_calabrese {http:#7022120} & DVB {http:#7101399}

Please leave any comments here within the next four days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

paullamhkg
EE Cleanup Volunteer
0


Question has a verified solution.
