LinuxQuestions.org


stupeas 01-31-2007 05:56 PM

antivirus & firewall
 
I know this question should probably be in the security forum, but I reckon that it IS probably a real newbie question. I installed Mandriva Free 2007 recently but can't find any antivirus or firewall programs. In some other threads it says not to worry about viruses, and that if you use NAT then a firewall isn't really needed. The thing is, I like to see what my machine is sending out to the internet. I am also on a wireless network, so I am worried about somebody bypassing the router and connecting directly to me. Is it possible to get a firewall that asks your permission before initiating outward connections, and an antivirus program that I know is being updated regularly? CAN'T YOU JUST TELL THAT I'VE USED WINDOWS ALL MY COMPUTING LIFE!!!!

TIA

dudeman41465 01-31-2007 06:28 PM

ClamAV is a pretty good Linux antivirus that should be in your package manager. When I used Mandriva it was RPMDrake I believe. This is good for detecting Windows viruses because even though they won't even run in a Linux environment, you don't want to mistakenly send them to your friends who are probably using Windows machines. As a firewall option, you can look at Guarddog, although last time I used Mandriva it had a pretty good built-in firewall utility. If it's still present in 2007 free and they didn't only put it in the paid version, then their default firewall utility should warn you on incoming connections and everything. Guarddog is a really good program, but it's also "very" strict, you have to allow "everything" you want, even http port 80 before you can even browse the web. Firestarter is another one you might look at, although it's Gnome based and when I tried using it on a KDE machine it didn't integrate well with the system tray.

SciYro 01-31-2007 06:29 PM

Linux has a built-in firewall called netfilter. It's usually configured through iptables, and that is configured through more user-friendly GUIs. Any firewall on Linux is just a script that sets up netfilter through iptables.

Anti virus, look at ClamAV.

To monitor outgoing traffic, look at a program like ntop, or use netstat (both are command-line). To actually see what's going out, I think you'll need a packet sniffer, but why would you want to know exactly what is going out? ntop/netstat will provide you with all connections, but unless you're debugging something, or spying on someone, you wouldn't need to know more than that.

Incoming connections are a problem; I know of no utility that will allow you to "accept" or "decline" connections as they happen. You can configure netfilter to filter connections (usually a state-based filter is all you need, with exceptions for ports you require unknown incoming connections on). In any case, the firewall should expose only select ports to outside and unknown connections, and if you're just a desktop, you shouldn't have any need to run services accessible to outside connections, so you can safely block these. Some programs, like BitTorrent, require you to run a server of sorts; you might want to either allow unknown connections to all user application ports, or find out what ports you'll need open so those services can still work. (Note: BitTorrent will still work, but you won't be able to seed as no one could connect to you. Same goes for games like Starcraft: you can play multiplayer, but you can't host because no one can connect to you.)

camorri 01-31-2007 06:36 PM

There are several anti-virus programs available for Linux. KlamAV is the one I use. F-Prot is another that is free for Linux systems. Most viruses are written for windbloze systems. Still not a bad idea to run one. There are a very few viruses written for Linux.

As for someone bypassing your NAT and getting access to your wireless LAN, there are ways to secure this. There are at least two types of encryption. It all depends on your router and what it supports. Most support WEP; set up 128-bit WEP keys. You set this up in your router, and in the systems you want to have access. Make sure you change the default password for your router. Most companies publish the default information in PDF files anyone can download, so anyone can get access if they can connect to your router with the default password. There are other things you can do; have a look on the security forum for more information.

Most routers are firewalls. Have a look at your documentation and find out what it can do. You may not need any other firewall.

jschiwal 01-31-2007 07:10 PM

On the last message, I would recommend WPA encryption instead. There was a security forum sponsored by the FBI for business on wireless security. Two FBI agents cracked WEP in 3 minutes using only common open source tools in a live demonstration.

You should be able to include the MAC address of your AP in the configuration. While someone could try using your AP's MAC address to counter this, I think that WPA authentication (for both you and them) would fail if two APs used the same address. I haven't used Mandriva since wireless devices came out, so I'm not familiar with how you would configure this on your system.

By default, it is incoming connections that are blocked. You only need to worry about outgoing connections if you have a compromised root program trying to dial out. If that were the case, it would be "game over" anyway, regardless of the OS you were using, and you would need to reinstall to be safe.

The netfilter firewall on your computer will provide backup protection in case the NAT router or perhaps a Windows host on the wireless network has malware. You drop services that you don't want to answer, plus detect things like IP spoofing or SYN flooding.

If you are a bit paranoid, you could have the wireless device locked down harder, blocking all incoming non-established connections, and use a wired NIC cable to carry local net traffic. This would segregate wireless traffic to the outside zone and Samba, NFS, etc. traffic to the internal zone. (But you would lose the convenience of wireless.) It would be more secure as long as none of the hosts are compromised.
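
A ruleset of the kind SciYro and jschiwal describe above (state-based filter, port exceptions, wireless locked down harder than the wired LAN), with logging of new outgoing connections for the original question. This is an added example, not written by any poster in the thread; the interface names, port lists and the `desktop_ruleset` helper are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it does not change the
# running firewall. Interface names and port lists are assumptions.
#
# desktop_ruleset WLAN_IF LAN_IF WLAN_TCP_PORTS LAN_TCP_PORTS
#   WLAN_IF        wireless interface, treated as the outside zone
#   LAN_IF         wired interface for local traffic ("" if there is none)
#   *_TCP_PORTS    comma-separated ports that take new inbound connections
desktop_ruleset() {
    wlan_if=$1 lan_if=$2 wlan_ports=$3 lan_ports=$4

    # Refuse anything that could smuggle extra rule text into the output.
    [ -n "$wlan_if" ] || { echo "wireless interface required" >&2; return 1; }
    case "$wlan_if$lan_if" in *[!A-Za-z0-9._-]*)
        echo "bad interface name" >&2; return 1 ;; esac
    case "$wlan_ports$lan_ports" in *[!0-9,]*)
        echo "bad port list" >&2; return 1 ;; esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # Exceptions: ports where unknown hosts may open a connection.
    new="-p tcp -m conntrack --ctstate NEW -m multiport --dports"
    if [ -n "$wlan_ports" ]; then
        echo "-A INPUT -i $wlan_if $new $wlan_ports -j ACCEPT"
    fi
    if [ -n "$lan_if" ] && [ -n "$lan_ports" ]; then
        echo "-A INPUT -i $lan_if $new $lan_ports -j ACCEPT"
    fi
    # Outbound stays open, but each new non-loopback connection is logged
    # (rate-limited) with the owning UID so it can be reviewed later.
    cat <<EOF
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW -m limit --limit 20/min -j LOG --log-prefix "out-new: " --log-uid
COMMIT
EOF
}

# Constructed sample: BitTorrent on wireless, Samba and NFS on the wired LAN.
# Check it before loading: desktop_ruleset ... | iptables-restore --test
desktop_ruleset wlan0 eth0 6881 445,2049
```

This covers IPv4 only; a host with IPv6 enabled needs a matching ruleset loaded through `ip6tables-restore`.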

stupeas 02-01-2007 02:18 AM

Thanks everyone. You couldn't get this kind of support for Windows. I think I'm going to like Linux. :newbie:


All times are GMT -5.