1

Secure your IT infrastructure with GNU/Linux

ByBuddhika Siddhisena

Chief Technology Officer & Co-Founder's of ThinkCube Systems

&Member's of LKLUG

2

Strategy

● Migrate Core services

● Migrating other services

● Desktop replacements

3

Core services

● Email

● Web site

● Proxy

● File sharing

● Printer sharing

4

Email Server

● Email Server Software

– Sendmail is the most popular– Postfix and Exim are other popular ones

● Email Authentication

– Unix account authentication– MySQL authentication– LDAP authentication

5

Email Clients

● Any client which supports SMTP/IMAP/POP

● Web mail

– OpenWebMail (perl)– Horde (php)– Zimbra (java)

6

Email + Virus + Spam

● SPAM detection

– Spam Assassin (rule based)– Dspam (statistical)

● Virus scanners

– ClamAV● Virus to Mail server interfaces

– Amavis – MailScanner

7

Web & Proxy

● Recommended Web server is Apache 2.x

● Recommended Proxy server is SQUID

● SQUID to virus scanner interfaces

– Squirm– Squidguard– squidcalm

8

File Shares

● File sharing

– SAMBA, implements the SMB/NMB protocols– WebDAV, uses apache to upload/download

files– SFTP/SCP, Secure FTP or Secure Copy. Part of

OpenSSH

9

Printer Sharing

● CUPS (Common Unix Printing System)

– Implements IPP (Internet Printing Protocol)– SAMBA can be configured to share printers

● Printer Drivers– Foomatic drivers– GIMP Print Drivers

10

Other services

● Firewalls

● Windows PDC/AD

● Databases

● VOIP/FAX

● Network monitoring

11

Firewalls

● Linux already has a built in firewall called IPTables

● SELinux for application level security

12

PDC/BDC/AD

● SAMBA can be configured for all of these scenarios.

● OpenLDAP or Fedora Directory can be used to implement directory services.

13

Databases

● MySQL is a much better replacement for MS Access or MSSQL.

● PostgreSQL can replace Oracle & MSSQL.

14

VOIP/FAX

● Asterisk is a popular SIP based VOIP server.

– Peer-to-peer calls via a VOIP phone.– Conferencing support– Interface with PSTN lines and provide PBX

functionality

● HylaFAX is a popular FAX server.

15

Net Monitor

● LAN monitoring tools.

– netcat.– Ntop

● Log Analyzers– Webalizer (http,squid etc.)– Awstats (http,squid,mail etc.)

16

Desktop Replacements

● Replace IE with Firefox

● Replacing Microsoft Office with OpenOffice.org

● Replace Outlook with Thunderbird for simple email functionality

● Replace Photoshop with Gimp● Replace Corel Draw with Inkscape

17

Which Distribution

● If you want to run a Server...

– Redhat AS (Commercial)– SuSE Enterprise (Commercial)– CentOS (Redhat AS compatible)– Debian Stable/Testing– Ubuntu Server

18

Which Distribution

● If you want to run a desktop client...

– Ubuntu (Gnome based)– Kubuntu (Kde based)– Fedora – Open SUSE– Debian Testing/Unstable

19

Software Wars

20

Thank You