Solved

Suggestion for Protecting Internet Gateway

Posted on 2002-05-20
Last Modified: 2013-12-15
Dear All,
I am basically an NT admin who switched over to Linux.
Recently (Feb 2002), I converted my office network from a WinNT domain network to Linux.

     i) WinNT PDC replaced with Samba on Red Hat Linux 7.2
     ii) MS Proxy 2.0 replaced with Squid HTTP Proxy on RH 7.2
     iii) Oracle 8i on NT replaced with Oracle 8i on Red Hat Linux 7.2

Everything is working smoothly with maximum load.

My Internet gateway is running on Red Hat Linux 7.2 and I am using an ISDN 64k dial-up service to connect my office to the Internet. All the clients (Win9x, NT Workstation 4.0) are connected to the Internet through the Squid proxy.

Right now my Internet gateway is not protected with any antivirus software. So, I am getting all the Internet worms like w32@NIMDA.eml, w3@Klez.h, etc.

Moreover, my Samba log folder (/var/log/samba) on the Internet gateway shows logs for some computers which do not exist in my network. Moreover, the size of these log files is 0k. All the client systems have McAfee antivirus software. So, somehow I am managing my network from virus attack.

My questions are:

1) Which is the best antivirus software for protecting my network? Is there any free software available for the same? (Given the current financial situation, my company doesn't have enough funds for buying the same.) I can buy some commercial editions after 3 or 4 months only. So, please recommend some good free stuff available on the Net.

2) I want to check who is accessing my system, how they are accessing my resources, etc. (like security auditing in WinNT).

3) Moreover, my Technical Support Team uses MSN Messenger Service and Yahoo Messenger Service to communicate with the clients in different parts of the country. The problem is that MSN Messenger is getting disconnected once every 2 minutes. How can I prevent frequent disconnection of MSN Messenger Service through the Squid proxy on Red Hat Linux 7.2?

With advance thanks


P.L. Kannan



3) Whether my system is protected with

 
Question by:Kannanpl
LVL 14

Accepted Solution

by:
chris_calabrese earned 75 total points
ID: 7022120
First off, I noticed that you entered this question twice, so you might want to go and delete one of them.

Meanwhile...

1.  There are lots of A/V solutions out there, but I'm not directly familiar with any free ones for Linux.  I got the following pointers by searching for 'free antivirus linux' on google, however:
http://www.homenethelp.com/web/howto/free-antivirus.asp
http://www.learninglinux.com/article.php?sid=77
http://www.freebyte.com/antivirus/

2.  There are various auditing and logging functions in Linux, Samba, Squid, etc.  For Linux stuff, you should look at the Center for Internet Security Linux Benchmark (http://www.cisecurity.org/).  For Samba stuff, how to turn on maximal logging should be obvious in the admin GUI.  I haven't used Squid, so I won't comment there.

3.  I haven't used Squid, so I can't help out too much here, but I'm guessing this happens when the session has been idle.  You might want to look in the docs/FAQ's for related info.
0
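For the auditing point above and the unexpected Samba log files mentioned in the question, one check is to compare the per-client log names against a list of machines that are known to exist. This is an added example, not part of the original answer; it assumes Samba writes one log per client as `<name>.log` (the `%m.log` pattern), and the function names and known-hosts file are hypothetical.

```shell
#!/bin/sh
# Added example: list Samba per-client logs that do not belong to a known host.
# Assumption: smb.conf uses "log file = /var/log/samba/%m.log", so every
# connecting machine (or its IP address) gets its own <name>.log file.

# unknown_samba_logs LOGDIR KNOWN_HOSTS_FILE
# Prints "<name> <size-in-bytes>" for each log whose client name is not in
# the known-hosts file (one name per line, case-insensitive, '#' comments).
unknown_samba_logs() {
    logdir=$1
    known=$2
    [ -d "$logdir" ] && [ -r "$known" ] || return 2

    for f in "$logdir"/*.log; do
        [ -f "$f" ] || continue
        name=$(basename "$f" .log)
        case $name in
            smbd|nmbd|winbindd) continue ;;   # daemon logs, not clients
        esac
        # Exact, case-insensitive match against the allowlist.
        if ! grep -v '^#' "$known" | grep -qixF -- "$name"; then
            size=$(wc -c < "$f" | tr -d ' ')
            echo "$name $size"
        fi
    done
}

# Constructed sample data so the function can be tried without a real server.
demo_unknown_samba_logs() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/samba"
    printf 'ACCOUNTS01\nsupport-pc\n' > "$tmp/known"
    echo "connect" > "$tmp/samba/accounts01.log"
    : > "$tmp/samba/203.0.113.45.log"      # empty log named after an outside address
    : > "$tmp/samba/smbd.log"
    unknown_samba_logs "$tmp/samba" "$tmp/known"
    rm -rf "$tmp"
}
```

On the gateway itself the call would be `unknown_samba_logs /var/log/samba /etc/samba/known-hosts`, where the second path is a hypothetical file listing the office machines.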
 

Author Comment

by:Kannanpl
ID: 7026284
Hi chris calabrese,

Thanks for the useful information. Especially the website cissecurity.com is useful for me. I started exploring the same and will be implementing the Linux Benchmark 1.0 document at my server. Once again Thanks

P.L. Kannan

0
 

Author Comment

by:Kannanpl
ID: 7026289

Hi all
Still I need more info. for my query.  Any valuable suggestion is invited.

Kannan
0
LVL 3

Assisted Solution

by:DVB
DVB earned 75 total points
ID: 7101399
Use a transparent NAT for the IM clients, and remove the proxy from their config. (Iptables|ipchains HOWTOs give a simple NAT config).

If you are NATing, then the worms should not bother you much. Just hide the samba shares from the internet (all file shares actually). A simple firewall should do that.

Run syslogd, and read your logs. /var/log has all the files you need. Just ensure that logging is on.

Again, you might want to install a Jabber server internally and use that for IM.
0
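The NAT and firewall setup described in this answer, as an added example that is not DVB's own configuration or taken from the HOWTOs. The interface names, LAN range and messenger port numbers are assumptions; the function only prints the rules so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: print an iptables rule set for a dial-up gateway that NATs
# the LAN and keeps Samba and Squid unreachable from the Internet side.
# Review the output, then apply it as root:  gateway_rules ... | sh
# Assumed names: ippp0 (ISDN link), eth0 (LAN), 192.168.1.0/24 (LAN range).

# gateway_rules EXT_IF LAN_IF LAN_NET [FORWARD_TCP_PORTS]
gateway_rules() {
    if [ $# -lt 3 ]; then
        echo "usage: gateway_rules EXT_IF LAN_IF LAN_NET [PORTS]" >&2
        return 2
    fi
    ext_if=$1; lan_if=$2; lan_net=$3
    # TCP ports clients may reach directly; 1863 (MSN) and 5050 (Yahoo) are
    # the usual messenger ports, assumed here. Web traffic stays on Squid.
    ports=${4:-1863,5050}
    cat <<EOF
# Start from empty chains and deny by default.
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Loopback, replies to the gateway's own traffic, and the trusted LAN.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $lan_if -s $lan_net -j ACCEPT
# Log SMB/NetBIOS probes from outside; the default DROP then hides the shares.
iptables -A INPUT -i $ext_if -p udp -m multiport --dports 137,138 -m limit --limit 6/minute -j LOG --log-prefix "SMB-EXT: "
iptables -A INPUT -i $ext_if -p tcp -m multiport --dports 139,445 -m limit --limit 6/minute -j LOG --log-prefix "SMB-EXT: "
# Forward only the messenger ports from the LAN, plus return traffic.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $ext_if -s $lan_net -p tcp -m multiport --dports $ports -j ACCEPT
# Source NAT everything leaving through the dial-up link.
iptables -t nat -A POSTROUTING -o $ext_if -s $lan_net -j MASQUERADE
# Let the kernel route between the two interfaces.
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}
```

Clients still need name resolution: these rules let them query a resolver running on the gateway, otherwise DNS has to be forwarded as well.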
 
 
LVL 3

Expert Comment

by:DVB
ID: 7101401
Ack, sorry for the double post. Bad connection.
0
 

Expert Comment

by:CleanupPing
ID: 9077008
Kannanpl:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 1

Expert Comment

by:drewber
ID: 9220376
This question has been classified abandoned. I will make a recommendation to the moderators on its resolution in a week or two. I appreciate any comments that would help me to make a recommendation.
 

Unless it is clear to me that the question has been answered I will recommend delete. It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.

 
If the user does not know how to close the question, the options are here:
http://www.experts-exchange.com/help/closing.jsp
 
drewber
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 9223782
Split the points between myself and DVB
0
 
LVL 12

Expert Comment

by:paullamhkg
ID: 10380064
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Split: chris_calabrese {http:#7022120} & DVB {http:#7101399}

Please leave any comments here within the next four days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

paullamhkg
EE Cleanup Volunteer
0
