Secure your IT infrastructure with GNU/Linux
4 likes1,952 views
Secure your IT infrastructure with GNU/Linux outlines a strategy for migrating core services like email, web, and file sharing to open source alternatives like Postfix, Apache, and Samba. It discusses implementing email servers, clients and antivirus/spam protection with Sendmail, Horde, ClamAV and SpamAssassin. The document also recommends securing services with firewalls like IPTables and SELinux, and replacing proprietary databases, VOIP, and desktop software with open source options like MySQL, PostgreSQL, Asterisk, Thunderbird and OpenOffice. Finally, it suggests using distributions like Ubuntu Server, CentOS or Debian for servers and Ubuntu, Fedora or Open SUSE for desktop clients.
Secure your IT infrastructure with GNU/Linux
- 1. Secure your IT infrastructure with GNU/Linux By Buddhika Siddhisena Chief Technology Officer & Co-Founder's of ThinkCube Systems & Member's of LKLUG 1
- 2. Strategy ● Migrate Core services ● Migrating other services ● Desktop replacements 2
- 3. Core services ● Email ● Web site ● Proxy ● File sharing ● Printer sharing 3
- 4. Email Server ● Email Server Software – Sendmail is the most popular – Postfix and Exim are other popular ones ● Email Authentication – Unix account authentication – MySQL authentication – LDAP authentication 4
- 5. Email Clients ● Any client which supports SMTP/IMAP/POP ● Web mail – OpenWebMail (perl) – Horde (php) – Zimbra (java) 5
- 6. Email + Virus + Spam ● SPAM detection – Spam Assassin (rule based) – Dspam (statistical) ● Virus scanners – ClamAV ● Virus to Mail server interfaces – Amavis – MailScanner 6
- 7. Web & Proxy ● Recommended Web server is Apache 2.x ● Recommended Proxy server is SQUID ● SQUID to virus scanner interfaces – Squirm – Squidguard – squidcalm 7
- 8. File Shares ● File sharing – SAMBA, implements the SMB/NMB protocols – WebDAV, uses apache to upload/download files – SFTP/SCP, Secure FTP or Secure Copy. Part of OpenSSH 8
- 9. Printer Sharing ● CUPS (Common Unix Printing System) – Implements IPP (Internet Printing Protocol) – SAMBA can be configured to share printers ● Printer Drivers – Foomatic drivers – GIMP Print Drivers 9
- 10. Other services ● Firewalls ● Windows PDC/AD ● Databases ● VOIP/FAX ● Network monitoring 10
- 11. Firewalls ● Linux already has a built in firewall called IPTables ● SELinux for application level security 11
- 12. PDC/BDC/AD ● SAMBA can be configured for all of these scenarios. ● OpenLDAP or Fedora Directory can be used to implement directory services. 12
- 13. Databases ● MySQL is a much better replacement for MS Access or MSSQL. ● PostgreSQL can replace Oracle & MSSQL. 13
- 14. VOIP/FAX ● Asterisk is a popular SIP based VOIP server. – Peer-to-peer calls via a VOIP phone. – Conferencing support – Interface with PSTN lines and provide PBX functionality ● HylaFAX is a popular FAX server. 14
- 15. Net Monitor ● LAN monitoring tools. – netcat. – Ntop ● Log Analyzers – Webalizer (http,squid etc.) – Awstats (http,squid,mail etc.) 15
- 16. Desktop Replacements ● Replace IE with Firefox ● Replacing Microsoft Office with OpenOffice.org ● Replace Outlook with Thunderbird for simple email functionality ● Replace Photoshop with Gimp ● Replace Corel Draw with Inkscape 16
- 17. Which Distribution ● If you want to run a Server... – Redhat AS (Commercial) – SuSE Enterprise (Commercial) – CentOS (Redhat AS compatible) – Debian Stable/Testing – Ubuntu Server 17
- 18. Which Distribution ● If you want to run a desktop client... – Ubuntu (Gnome based) – Kubuntu (Kde based) – Fedora – Open SUSE – Debian Testing/Unstable 18
- 19. Software Wars 19
- 20. Thank You 20