[mythtv-users] Help NEEDED !
peter at vanderwal.us
Thu Jul 3 08:33:45 UTC 2008
> I run a single server with: a MythTV backend (2 PVR-250 cards and one
> HDHomeRun), a mail server (IMAPS and SMTPS with ClamAV, SpamAssassin and
> MIMEDefang), a web server (HTTPS), a file server (CIFS), a slimserver, a
> RADIUS server, a directory server (LDAPS), a web proxy, a Windows domain
> controller, a WINS server, a DNS server and a DHCP server. In addition,
> I use it to compile MiniMyth.
> It ran fine for years on a 2.4GHz P4. However, I upgraded it to a Core 2
> Duo so that compilation would be faster.
I used to run everything on the same server. But I keep logs of the nice
folks that try to break in. Between the viruses, trojans, script kiddies,
etc. the number of daily attacks gets quite impressive.
I figure there is a better than even chance that someday, one of them will
be successful. Because of that I have separated my internal network from
my external one.
This way a hacker that breaks into my webserver won't be able to trash my
I run different distros on the internal vs external and use a firewall
with a different operating system. Hopefully if anyone penetrates one of
my servers, the same vunerabilities won't apply to the others.
I recently purchased some Nagasaki MS-2100s off ebay (they were only $65
each) that I'm going to move my web and mail servers to. I'm planning on
booting from a read-only source and rebooting them daily. Finally I'm
adding another, isolated, intrusion detection system.
As far as I know, my systems have never been compromised, I hope to keep
it that way.
Even if you only have one external IP address, you can run a NAT firewall
and port forward mail/web services to different, isolated, computers. Not
only does this make it harder to break in, but it also reduces damage from
any successful penetration.
More information about the mythtv-users