I'm doing this thing right now. The only issue I worry about is attacks like DDoS.
Hetz 2010/9/4 Etzion Bar-Noy <eza...@tournament.org.il> > Hi. > I am in your shoes. I maintain several Linux systems hosted in Netvision > (currently) for the last few years. For the last 7 years or so, I have been > using iptables to protect my systems from intrusion. I have been using > denyhosts to prevent unauthorized SSH logins, and prevented direct root > login, or blocked all/some except my home fixed address and some other > well-trusted addresses. > > This setup has proven itself to be effective and reliable, with zero > intrusions (I stopped logging them after a while, because it's not that > interesting, after all. The amount of random port scans are huge). > > Assuming you understand iptables, and you know how to handle it right, > there is no problem with that solution. None that I have noticed. > > Ez > > 2010/9/3 Hetz Ben Hamo <het...@gmail.com> > >> Hi people, >> As I setup my VPS/dedicated hosting here in Israel, I have been asked by >> the hosting company (Netvision) to either buy and bring a firewall or rent >> from them since the bandwidth I bought exceeds what is allowed under their >> firewall. >> They're offering Cisco 1383 (or 1838, I don't remember exactly which >> model). >> >> As a person who really loves Linux, I thought to myself: Why do I need to >> buy/rent some proprietary Cisco solution? Can't Linux handle the firewall >> task well? I'm sure Cisco/Checkpoint solutions are great, but yet... >> >> So here's my question: If you were in my shoes, would you take a cisco or >> apply some Linux solution? If you say Linux solution, what kind of solution? >> Could you name an app/module/whatever that can do a good protection against >> the usual suspect and protect against stuff like DDoS attack? >> >> I prefer the Linux solution because then I can run other services on this >> machine (small mail server, nagios, etc..) >> >> Suggestions? >> >> Thanks, >> Hetz >> >> -- >> my blog (hebrew): http://benhamo.org >> Skype: heunique >> MSN: hetz-b...@benhamo.org >> >> _______________________________________________ >> Linux-il mailing list >> Linux-il@cs.huji.ac.il >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il >> >> > -- my blog (hebrew): http://benhamo.org Skype: heunique MSN: hetz-b...@benhamo.org
_______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
