Topic: is smoothwall over kill with SME ?

[brit-dub]

At the moment I run a SME server in server only mode behind a smoothwall box.

Do you think this is over kill, do I really need the smoothwall now that I’m running a SME server.

any people here had any problems from internet attacks with a SME server in server gateway mode ?

Would my network be just as safe using SME in server and gateway mode without a smoothwall box ?

How can I check the intrusion detection logs ? and or firewall logs ?

TIA

brit

[arne]

I guess that the "right" answer in this forum is that the Smoothwall is not needed. From a security point of view I think this is not a incorrect answer.

From a practical point of view and as my personal point of view, based I my experience - I would prefer the Smoothwall and Sme server only installation at least for my own use.

Main reason:

I like to test and check out all kind of different software and to ply with the server. If I do that on a server gateway I will experience that the gateway will be down or that the firewall is incorrect configured as soon as I have made some "intesesting experiments".

It is much more practical (as I see it) to let the firewall/gateway and the server(s) live their own life.

Both can basically do the same firewalling, but I think that is it quicker and more easy to reconfigure the Smotthwall firewall. Intrusion detection is slightely a bit bether on Smoothwall, but I would not put so much weight on that item.

Personally I feel quite happy with one exelent Linux firewall in combinition with a superb Linux server.

According to my point of view (and tast) there is room for them both, even though you can do it well enough with only one of them.

[SharifGeorge]

I have a v 6.ox sme server up - unpatched and out of the box that has been running server and gateway with a public ip for nearly 2 years.

The server has never gone down, never slowed down and not even required a reboot in all that time.  We just discovered that we had left open a couple of "app ports" all that time and even though they were seen the server was not compromised.

 SME server - dontcha luv it.

I will say this, it is just as well as I could never get the backup drive to work on it!!

Sharif

[Librarian]

@sharif - I learnt that lesson the hard way - DO make backups, even if it's to your desktop. Otherwise you'll be spending hours and hours typing and re-typing all those users' names, passwords and aliases...   Our exchange 2003 recently borked and we lost our aliases... had to retype all of these in again. Luckily I made some printouts beforehand.

Smoothwall and SME Server combination works quite well, never had a problem. It might be overkill, but this way the SME server sits in the DMZ (which I don't need to worry about) and the Smoothie feeds both the DMZ and the green network.

Should the SME server be compromised, then it's a quick hour of reformatting and reinstall, and restore from a good backup without having to do the M$ schlepp. Simply more peace for my mind.  

Regards

Lib

[brit-dub]

Thanks for all the replies; I'm sure I will leave the SME server on the green port acting as my file server and mail server (collected from my ISP). I'm just starting to play with the backup side of things.

Lib if your SME is on the DMZ, does this mean you use it as a web server only ?

Because I was thinking, I have the SME as file and internal mail server on the green zone at the moment. This means if I want to put on a web server I would have to use another pc on the DMZ with SME installed.

This wont be a major problem as I do have a few older redundant PC's kicking around.

It’s nice to know how other people configure there systems.

Regards

Brit

[Librarian]

Lib if your SME is on the DMZ, does this mean you use it as a web server only ?

Ee-yep, I do use it as FTP and Web server. I don't trust having public (internet) services open on my green network.

I don't worry about the SME in the DMZ anymore, having backed it up good and proper. Should some hacker manage to deface, or hack it, then I just reformat, reinstall and restore. Simple, quick and painless.

It's running spamassassin and clamav just for kicks.  

Try restoring a hacked M$ server in under an hour...   complete with restores and security updates.