Is my computer safe enough if I use just iptables?
Timothy Payne
tim at tmpco.com
Sat Oct 16 06:27:20 UTC 2004
Don't laugh, OK go ahead, I set up an old P75 w/16 mb of ram on a piece
of 3/4" plywood. My apt. is small and it fits under an end table. All
I needed was a floppy drive and 2 nics, see www.freesco.org for an easy
firewall. And yes I save all my old computer stuff.
Tim...
On Fri, 2004-10-15 at 07:58, Scot L. Harris wrote:
> On Fri, 2004-10-15 at 09:40, VJ wrote:
> > Scot,
> > Thanks a lot for your advice. I am now thinking whether I should go for
> > some boxed firewall or not. I used to think Linux was secure enough. I
> > have my IPtables DROP by default and just opening the required holes
> > (HTTP and SMTP) to let these services be used from outside world. I do
> > not let my family login as root. Only I am the boss of the machine. The
> > only reason I got a bit worried was that I am using this machine as my
> > development/tinkering/playing(MythTV etc) machine + FIREWALL, with other
> > machine (XP) being used by my wife.
> >
> > I have tested my firewall using Sygate's online Firewall test and also
> > the same from Symantec. Both seemed to say my system was OK but then
> > suggested their own firewall software (which I dismissed as a sale
> > gimmick).
> >
> > I am still a bit confused, so I will do more research.
> >
>
> I think one of the cheap hardware firewalls would be a good idea in your
> case. As you are doing development work you could inadvertently open
> your system up and not even realize it.
>
> Most of these firewalls (linksys, netgear, etc) can be purchased for as
> little at $50. You may be able to find them even cheaper on line. You
> also get the added benefit of being able to have multiple systems on
> your local LAN share the Internet connection.
>
> You might also look for information such as
>
> http://linux.box.sk/newsread.php?newsid=775
>
> which discuss how to harden a linux system.
>
> I don't agree with everything in that link but much of it is great
> advice.
>
> You may also want to look at the http://www.bastille-linux.org project.
> Not sure how up to date it is but they had some great stuff a while
> back.
>
> The best thing to do is think of defense in depth. Have a decent
> firewall at the front but if possible run firewalls on each system.
> Disable unneeded or unused services. Run tripwire or something similar
> to notify when critical files get changed. Run chkrootkit or rkhunter
> to scan for known root kits. Use http://grc.com to scan your external
> system. Run virus scanning software on any windows box. If using your
> linux box as a MTA for windows systems run clamav or one of the other
> virus scanning packages. Keep an eye out for security issues in bugtraq
> and fedora announcement lists. Disable telnet, ftp, use ssh and scp
> instead. Disable root from logging in directly and restrict what users
> can log in remotely to your system.
>
> There a lot of good resources out there. But the best thing is to be
> really paranoid. Because they are out to get you! :)
>
>
> --
> Scot L. Harris
> webid at cfl.rr.com
>
> No yak too dirty; no dumpster too hollow.
More information about the fedora-list
mailing list