Business PC Server

[John]

Quote:

Originally Posted by nsmoller

People seem to be fans of the supermicro board... how do i know if CentOS or RH8 will work with these?

I believe Supermicro only makes server type boards, and I have heard from many that Supermicro is really the top dog when it comes to that type of hardware. Supermicro, Tyan & Intel I've read are generally the best when it comes to server motherboards.

As you already mentioned, you might not actually need a server class board. More than likely not, but you do get what you pay for when it comes to this type of stuff.

I'm not sure if RH8 would have any issue with drivers for everything on the motherboard. For example, the NIC drivers... gigabit ethernet cards were pretty much unheard of when RH8 was released. Unless the Intel NIC drivers haven't changed since 2002... you would probably have trouble with this. RH8 may not even detect the NIC at all until you install the drivers... could turn in to a major pain. CentOS would more than likely have full support for the hardware, although that's not a 100% certainty. But is a lot more likely to support all the hardware as compared to RH8.

Something else to think about... how important will the data on the server be? If the hard disk crashed and was unrecoverable, would that be a problem? If so, it would probably be best to spend more of your budget on that side of things.

I noticed the Newegg format item numbers right away. Great place to shop. I buy most of my computer hardware from there.

[nsmoller]

JOhn thanks for all the info, and thanks to all that are contributing.

I know, this RH8 thing is b.s. i know nothing about linux, but know enough to say WTF. The OS is old as hell, not supported, and insecure in ways i couldnt comprehend.

The compliance with HIPAA is in the transmission of claims and in the database itself, not vulnerability for attack.

Do you have suggestions on network security that are free/low impact that would make this server a little tighter?
________
Ford hsc engine specifications

[John]

There are some things that you can do to make things a bit more secure, even if you must run RH8. First thing I would recommend is when you install RH8, install only what is required and nothing extra. After you have the system running, disable any and all unnecessary services. The fewer programs left running on the server the less there is exposed to potential hackers or automated stuff such as worms/viruses/etc.

Install a software firewall on the server and configure it so that ONLY the ports required for your dispensing software to work are enabled. One that I like is APF Firewall. If your software always initiates the data transfers, then set the firewall so that is the only way it would work... so data transfer on the specific port cannot be initiated externally. If the network that your server will connect to has a static IP address, or a known IP range... you can further configure the firewall to limit access to that specific IP or IP range.

Make sure you have a network router with a stateful firewall as it will give you an additional layer of security.

Disable telnet. Even if you need remote access available to the server, you can do it using SSH which is a secure encypted method of transmission. Telnet uses no encryption and there is no need for it anyhow as you can use SSH. I would recommend removing SSH that is installed with RH8 and reinstalling the most up to date version, even if you need to do so from source.

If remote access is required, you would need to pass the connection through your hardware router firewall. You could also proxy the SSH connection to the server via another server on your network that is running a fully updated secured install of RHEL4/CentOS4. The dispensing software server could be configured so that it would only accept connections from the proxy server, which would be more secure.

If you go with SSH direct to the dispensing software server, also configure SSH so that it will only accept connections from specific IP addresses.

If remote access is not required, by all means disable SSH as well. You will have console access to the server anyhow, so remote access may not even be needed.

Remove common access to compilers and fetching software. Basically make it so that only the root account can access those programs. LES is a nice script that will change the permissions for you, from the same company that made the APF firewall.

Install an anti-virus program. It may not be needed... but then again could be the thing that saves your server.


So, overall, what you are doing is making it so that only software that is actually needed on the server is running. Also making it so that any connections are limited to the specific systems/networks that should be doing the connecting. Basically lock down your server best you can and do it in as many layers as you can reasonably manage (the hardware firewall, etc).

Even with all that, I would still recommend using RHEL/CentOS if you can instead of using RH8.