Secure your IT infrastructure
with GNU/Linux
By
Buddhika Siddhisena
Chief Technology Officer & Co-Founder's of
ThinkCube Systems
&
Member's of LKLUG
1

Strategy
● Migrate Core services
● Migrating other services
● Desktop replacements
2

Core services
● Email
● Web site
● Proxy
● File sharing
● Printer sharing
3

Email Server
● Email Server Software
– Sendmail is the most popular
– Postfix and Exim are other popular ones
● Email Authentication
– Unix account authentication
– MySQL authentication
– LDAP authentication
4

Email Clients
● Any client which supports SMTP/IMAP/POP
● Web mail
– OpenWebMail (perl)
– Horde (php)
– Zimbra (java)
5

Email + Virus
+ Spam
● SPAM detection
– Spam Assassin (rule based)
– Dspam (statistical)
● Virus scanners
– ClamAV
● Virus to Mail server interfaces
– Amavis
– MailScanner
6

Web & Proxy
● Recommended Web server is Apache 2.x
● Recommended Proxy server is SQUID
● SQUID to virus scanner interfaces
– Squirm
– Squidguard
– squidcalm
7

File Shares
● File sharing
– SAMBA, implements the SMB/NMB protocols
– WebDAV, uses apache to upload/download
files
– SFTP/SCP, Secure FTP or Secure Copy. Part of
OpenSSH
8

Printer Sharing
● CUPS (Common Unix Printing System)
– Implements IPP (Internet Printing Protocol)
– SAMBA can be configured to share printers
● Printer Drivers
– Foomatic drivers
– GIMP Print Drivers
9

Other services
● Firewalls
● Windows PDC/AD
● Databases
● VOIP/FAX
● Network monitoring
10

Firewalls
● Linux already has a built in firewall called
IPTables
● SELinux for application level security
11

PDC/BDC/AD
● SAMBA can be configured for all of these
scenarios.
● OpenLDAP or Fedora Directory can be
used to implement directory services.
12

Databases
● MySQL is a much better replacement for
MS Access or MSSQL.
● PostgreSQL can replace Oracle & MSSQL.
13

VOIP/FAX
● Asterisk is a popular SIP based VOIP
server.
– Peer-to-peer calls via a VOIP phone.
– Conferencing support
– Interface with PSTN lines and provide PBX
functionality
● HylaFAX is a popular FAX server.
14

Net Monitor
● LAN monitoring tools.
– netcat.
– Ntop
● Log Analyzers
– Webalizer (http,squid etc.)
– Awstats (http,squid,mail etc.)
15

Desktop Replacements
● Replace IE with Firefox
● Replacing Microsoft Office with
OpenOffice.org
● Replace Outlook with Thunderbird for
simple email functionality
● Replace Photoshop with Gimp
● Replace Corel Draw with Inkscape
16

Which Distribution
● If you want to run a Server...
– Redhat AS (Commercial)
– SuSE Enterprise (Commercial)
– CentOS (Redhat AS compatible)
– Debian Stable/Testing
– Ubuntu Server
17

Which Distribution
● If you want to run a desktop client...
– Ubuntu (Gnome based)
– Kubuntu (Kde based)
– Fedora
– Open SUSE
– Debian Testing/Unstable
18

Software Wars
19

Thank You
20