Hi there,
my question for those who doesn't want to read a huge text: is clearos secure enough to be run on a dedicated root server as a firewall and hips system? If so it is also safe to also use a mailserver on the same machine or should another instance to the thing?
The long reading:
I've been running some gameservers and teamspeak on a dedicated centos (centos over debian because I'm a RHEL administrator and know the distribution). Some windows servers as dayz and 7days to die are virtualized within a virtualbox windows machine. For the clans playing on the hosted gameservers a confluence collaboration software is used for their homepages. It is more a hobby of me rather then a money maker (in fact I've to pay more than money comes in).
Now I want to virtualize the server processes for a more secure and robust infrastructure. For this reason I've installed a VSphere Hypervisor. I have 2 more external IP adresses.
I've setup the main ip for the management interface of the vsphere. The second IP should be used for the router which is routing incoming and outgoing traffic of the virtual machines who are in a private network with ip's I don't have to pay for.
Until now I've been using pfsense as a routing vm. I'm thinking of using clearos because of the wonderful gui and also some more intuitive tools like intrusion prevention. Also it is possible to use a dns, and it has included a mail server and it's configuration utility. So my question is if it is possible to use clear os (community edition for now) in this scenario or if it is not advices to do so because of security.
Thanks for answers.
Kind regards,
Stefan
my question for those who doesn't want to read a huge text: is clearos secure enough to be run on a dedicated root server as a firewall and hips system? If so it is also safe to also use a mailserver on the same machine or should another instance to the thing?
The long reading:
I've been running some gameservers and teamspeak on a dedicated centos (centos over debian because I'm a RHEL administrator and know the distribution). Some windows servers as dayz and 7days to die are virtualized within a virtualbox windows machine. For the clans playing on the hosted gameservers a confluence collaboration software is used for their homepages. It is more a hobby of me rather then a money maker (in fact I've to pay more than money comes in).
Now I want to virtualize the server processes for a more secure and robust infrastructure. For this reason I've installed a VSphere Hypervisor. I have 2 more external IP adresses.
I've setup the main ip for the management interface of the vsphere. The second IP should be used for the router which is routing incoming and outgoing traffic of the virtual machines who are in a private network with ip's I don't have to pay for.
Until now I've been using pfsense as a routing vm. I'm thinking of using clearos because of the wonderful gui and also some more intuitive tools like intrusion prevention. Also it is possible to use a dns, and it has included a mail server and it's configuration utility. So my question is if it is possible to use clear os (community edition for now) in this scenario or if it is not advices to do so because of security.
Thanks for answers.
Kind regards,
Stefan
Share this post:
Responses (1)
-
Accepted Answer
Hello Stefan
my question for those who doesn't want to read a huge text: is clearos secure enough to be run on a dedicated root server as a firewall and hips system? If so it is also safe to also use a mailserver on the same machine or should another instance to the thing?
I prefer running the gateway and mail server on a separate servers but you do not have to. Kind of nice that way I have one big box running all my servers on a layer 2 LAN. I have Snort and IP sets running all looks good. I run my servers as ESXI VM clients now if you are a purist some would say not to run the firewall as a VM and yes the ESXI server can not immediately sync its clock until the gateway is up.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »