Dear fellows,

I currently look after a security solution for my company. I know that I will not get many answers from the list, as security is pretty much the secret recipe of all network operators.

However, I had better try to send a post here and see what feedback I can get, so let’s get started.

I run a farm of 15 servers, all running RedHat Linux 5 x64. These servers are mainly webhosting orientated; they handle website files, databases and emails. The network is multihomed, with a capacity of 3 x 100 Mbit. We currently don’t have any kind of security, nor a firewall appliance (yes, I know, shame on me).

At this point, I am looking at a cost-effective solution. I have checked around for commercial solutions and have found Cisco and Juniper to be my options.

I must admit that I am not convinced at all by these brands and would feel pretty ashamed to have a Cisco ASA toy in my rack. As for Juniper, it seems that the boxes are a bit overpriced for my single-featured IT department and would kill my poor yearly budget.

I use to see some dirty forged packets hitting the servers. They never took a server down, nor made them fill up the memory, but I consider I could see some “dos” or even non-bot size “ddos” attacks. Another point is that I must have a firewall that is transparent. Some servers are required to have a public IP (for dumb license reasons).

What would you advise? Is BSD/Linux with a multi-gig port a good option to consider? What firewall do you advise? How do you clean ddos?

Looking forward to reading all answers.

Regards.

- Simon