Is my computer safe enough if I use just iptables?

Leonard Isham leonard.isham at gmail.com
Fri Oct 15 13:49:42 UTC 2004


On Fri, 15 Oct 2004 14:40:28 +0100 (IST), VJ <vj at vijaygill.homelinux.net> wrote:
> Scot,
>  Thanks a lot for your advice. I am now thinking whether I should go for
> some boxed firewall or not. I used to think Linux was secure enough. I
> have my IPtables DROP by default and just opening the required holes
> (HTTP and SMTP) to let these services be used from the outside world. I do
> not let my family login as root. Only I am the boss of the machine. The
> only reason I got a bit worried was that I am using this machine as my
> development/tinkering/playing(MythTV etc) machine + FIREWALL, with other
> machine (XP) being used by my wife.
> 
>  I have tested my firewall using Sygate's online Firewall test and also
> the same from Symantec. Both seemed to say my system was OK but then
> suggested their own firewall software (which I dismissed as a sales
> gimmick).
> 
>  I am still a bit confused, so I will do more research.
> 

Think about it for a minute.  You let SMTP and HTTP in so if either of
these gets compromised then you have been owned.  Keep up to date on
your daemons and secure them above and beyond the standard install.
Read up on locking them down.  Minimize display of information that
indicates what you are running and the version information.  Use
chroot jails... and remember Google is your friend.


-- 
Leonard Isham, CISSP 
Ostendo non ostento.
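
An added example, not part of the original message: one way to check the "minimize display of version information" advice is to inspect what the two exposed services announce about themselves. The banners below are constructed samples, and the product names (ExampleMTA, ExampleHTTPd, ExampleLang) and function names are hypothetical.

```python
import re

# A version-like token such as "1.2.3" or "2.0"
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)*")

# Response headers that commonly name the server software
IDENTIFYING_HEADERS = ("server", "x-powered-by")


def smtp_disclosures(greeting):
    """Return the text of 220 greeting lines that expose a version number."""
    findings = []
    for i, line in enumerate(greeting.splitlines()):
        m = re.match(r"220[ -](.*)", line)
        if not m:
            continue
        text = m.group(1)
        if i == 0:
            # The first greeting line starts with the server's domain; skip it
            text = text.partition(" ")[2]
        # Many MTAs append "; <date>" to the greeting; ignore that part
        text = text.split(";", 1)[0].strip()
        if VERSION_RE.search(text):
            findings.append(text)
    return findings


def http_disclosures(raw_response):
    """Return identifying headers whose value carries a version number."""
    findings = {}
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in IDENTIFYING_HEADERS:
            if VERSION_RE.search(value):
                findings[name.strip()] = value.strip()
    return findings


# Constructed sample banners: a default-style install and a locked-down one
VERBOSE_SMTP = "220 mail.example.org ESMTP ExampleMTA 1.2.3; Fri, 15 Oct 2004 13:49:42 GMT"
QUIET_SMTP = "220 mail.example.org ESMTP"
VERBOSE_HTTP = ("HTTP/1.1 200 OK\r\nDate: Fri, 15 Oct 2004 13:49:42 GMT\r\n"
                "Server: ExampleHTTPd/1.2.3 (Linux)\r\nX-Powered-By: ExampleLang/4.5.6\r\n"
                "Content-Type: text/html\r\n\r\n<html></html>")
QUIET_HTTP = "HTTP/1.1 200 OK\r\nServer: ExampleHTTPd\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    print(smtp_disclosures(VERBOSE_SMTP), smtp_disclosures(QUIET_SMTP))
    print(http_disclosures(VERBOSE_HTTP), http_disclosures(QUIET_HTTP))
```

An empty result only means the banner no longer advertises a version; the daemons still need to be kept patched.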



