makerkz, 2014-06-17 18:54:02

What software tools organize server security management?

Good day to you.
The question of how to choose a server will be asked separately, although, of course, it would not hurt to leave links here or to point out which direction to dig in.
There is an organization. It plans to purchase servers for storing important information and (mainly) for distributing the Internet. The network will be local, but Wi-Fi routers will also be used (for nearby offices). Accordingly, I would not want outsiders to connect to the network (the visitors will be IT specialists, so it is very likely that even a password-protected network could be hacked; at the same time, I don't want to make the network password-protected. It will be open, and how security will be organized is described below).
What is required? The Wi-Fi network is open. Each employee has their own username and password. After connecting to the network and opening a browser (from absolutely any device, be it a laptop, Android or iOS device), a page opens asking you to log in using your username and password. Maximum: 2-3 devices per account. For each account there must be traffic accounting, a speed limit (including on reaching the limit), device management (not essential, of course), and a personal account with detailed information on traffic. Local file storage is also required. That is, a kind of network for distributing the Internet and local storage within a rather large company.
As you already understood, I have zero experience in system administration (for the most part I am engaged in JavaScript frontend / backend development).
What would you suggest? What servers, what OS? I am leaning towards Linux (I don't know which version is better). And the most important question: what software product would you recommend to manage it all? Initially, preference will be given to Open Source projects (to start), or projects with a trial period. In the future, budgets will grow (when the budget is approved), and then there will be a choice of paid systems (up to several thousand $).

2 answer(s)
Igor, 2014-06-17
@merryjane

This is minimally feasible, but not out of the box and not in full (though maybe in full if you dig deeper).
A gateway is set up that lets users out to the Internet. On it, iptables closes all ports, and all traffic for web ports like 80, 8080, 8000, etc. is redirected to the port of the request server.
The proxy server can be right there on the gateway, or on another server or virtual machine. For example, squid. You can attach black/white lists, antivirus and a bunch of other policies to it. The problem is that in order for it to process https traffic, you need to build it manually with the necessary module and register the proxy in the user's browser (maybe this is now fixed). It has plugins for showing statistics (not in separate personal accounts, but at least in general). You can attach authorization to it, and even authorization from AD. If SAMS is added to this, it will probably be more functional (here is an example of an article about what this involves: habrahabr.ru/post/199302/).
Keywords for you if you are a beginner: iptables, squid, sams.
When you get a server, I recommend that you set up virtualization on it. Try to bring everything up on a virtual machine. It should be backed up so that if something was installed / compiled unsuccessfully, you could roll back. A gateway with a proxy will not take up much space.
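
The gateway rules described in this answer, as an added example that is not part of the original answer: a POSIX shell function that prints an `iptables-restore` ruleset which drops everything by default and redirects the listed web ports to a local proxy. The interface name `eth1`, the Squid intercept port `3129` and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer).
# Assumed values: LAN interface eth1, Squid listening with "intercept" on port 3129.

# valid_port PORT: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules LAN_IF PROXY_PORT WEB_PORT...: prints an iptables-restore ruleset
gen_rules() {
    lan_if=$1; proxy_port=$2; shift 2
    valid_port "$proxy_port" || { echo "bad proxy port: $proxy_port" >&2; return 1; }
    for p in "$@"; do
        valid_port "$p" || { echo "bad web port: $p" >&2; return 1; }
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
EOF
    # Plain-HTTP ports from the LAN are sent to the local proxy.
    for p in "$@"; do
        echo "-A PREROUTING -i $lan_if -p tcp --dport $p -j REDIRECT --to-ports $proxy_port"
    done
    # Default-deny: nothing is forwarded, so clients only get out via the proxy.
    # HTTPS (443) is deliberately not redirected; it stays blocked here.
    # No SSH/DNS/DHCP rules are included: add the ones the gateway needs before loading.
    cat <<EOF
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -p tcp --dport $proxy_port -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the ports named in the answer.
gen_rules eth1 3129 80 8080 8000
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it, which helps avoid locking yourself out of the gateway.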

Valentine, 2014-06-17
@vvpoloskin

Well, the real question looks like this: I have never cooked food, but I want a first, second and third course for lunch, and I also want tomorrow's dinner. What should I buy and do to eat and not spoil anything? Read a cookbook or go to a cafe!
And on the topic: you need iptables, straight arms and a head.
