Is my computer safe enough if I use just iptables?

Purvis Robert robert.purvis at nhsia.nhs.uk
Fri Oct 15 14:16:06 UTC 2004 

On my iptables firewall I have disabled all POP, IMAP and SMTP in both
directions, disabled sendmail, and use a web mail account instead. I can
then also access my email from work as well as home. If the only email
use is for your personal email then this is a simple way of shutting
down that avenue of attack.

Rob

-----Original Message-----
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com] On Behalf Of Leonard Isham
Sent: 15 October 2004 14:50
To: vj at vijaygill.homelinux.net; For users of Fedora Core releases
Subject: Re: Is my computer safe enough if I use just iptables?


On Fri, 15 Oct 2004 14:40:28 +0100 (IST), VJ
<vj at vijaygill.homelinux.net> wrote:
> Scot,
>  Thanks a lot for your advice. I am now thinking whether I should go 
> for some boxed firewall or not. I used to think Linux was secure 
> enough. I have my IPtables DROP by default and just opening the 
> required holes (HTTP and SMTP) to let these services be used from 
> outside world. I do not let my family login as root. Only I am the 
> boss of the machine. The only reason I got a bit worried was that I am

> using this machine as my development/tinkering/playing(MythTV etc) 
> machine + FIREWALL, with other machine (XP) being used by my wife.
> 
>  I have tested my firewall using Sygate's online Firewall test and 
> also the same from Symantec. Both seemed to say my system was OK but 
> then suggested their own firewall software (which I dismissed as a 
> sale gimmick).
> 
>  I am still a bit confused, so I will do more research.
> 

Think about it for a minute.  You let SMTP and http in so if either of
these gets compromised then you have been owned.  Keep up to date on
your daemons and secure them above and beyond the standard install. 
Read up on locking them down.  Minimize display of information the
indicates what you are running and the version information.  Use chroot
jails... and remember google is your friend.


-- 
Leonard Isham, CISSP 
Ostendo non ostento.

-- 
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

This e-mail is confidential and privileged. If you are not the intended recipient please accept our apologies; please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents: to do so is strictly prohibited and may be unlawful. Please inform us that this message has gone astray before deleting it. Thank you for your co-operation.

More information about the fedora-list mailing list