LinuxQuestions.org
Old 01-31-2007, 06:56 PM   #1
stupeas
Member
 
Registered: Jan 2007
Location: Manchester/U.K
Distribution: Mandriva Free 2007
Posts: 30

Rep: Reputation: 15
antivirus & firewall


I know this question should probably be in the security forum, but I reckon that it IS probably a real newbie question. I installed Mandriva Free 2007 recently but can't find any antivirus or firewall programs. In some other threads it says not to worry about viruses, and that if you use NAT then a firewall isn't really needed. The thing is, I like to see what my machine is sending out to the internet. I am also on a wireless network, so I am worried about somebody bypassing the router and connecting directly to me. Is it possible to get a firewall that asks your permission before initiating outward connections, and an antivirus program that I know is being updated regularly? CAN'T YOU JUST TELL THAT I'VE USED WINDOWS ALL MY COMPUTING LIFE!!!!

TIA
 
Old 01-31-2007, 07:28 PM   #2
dudeman41465
Member
 
Registered: Jun 2005
Location: Kentucky
Distribution: Ubuntu
Posts: 794

Rep: Reputation: 56
ClamAV is a pretty good Linux antivirus that should be in your package manager. When I used Mandriva it was RPMDrake I believe. This is good for detecting Windows viruses because even though they won't even run in a Linux environment, you don't want to mistakenly send them to your friends who are probably using Windows machines. As a firewall option, you can look at Guarddog, although last time I used Mandriva it had a pretty good built-in firewall utility. If it's still present in 2007 free and they didn't only put it in the paid version, then their default firewall utility should warn you on incoming connections and everything. Guarddog is a really good program, but it's also "very" strict, you have to allow "everything" you want, even http port 80 before you can even browse the web. Firestarter is another one you might look at, although it's Gnome based and when I tried using it on a KDE machine it didn't integrate well with the system tray.
 
Old 01-31-2007, 07:29 PM   #3
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
Linux has a built-in firewall called netfilter; it's usually configured through iptables, and that is configured through more user-friendly GUIs. Any firewall on Linux is just a script that sets up netfilter through iptables.

Anti virus, look at ClamAV.

To monitor outgoing traffic, look at a program like ntop, or use netstat (both are command-line). To actually see what's going out, I think you'll need a packet sniffer, but why would you want to know exactly what is going out? ntop/netstat will provide you with all connections, but unless you're debugging something, or spying on someone, you wouldn't need to know more than that.

Incoming connections are a problem; I know of no utility that will allow you to "accept" or "decline" connections as they happen. You can configure netfilter to filter connections (usually a state-based filter is all you need, with exceptions for ports you require unknown incoming connections on). In any case, the firewall should expose only select ports to outside and unknown connections, and if you're just a desktop, you shouldn't have any need to run services accessible to outside connections, so you can safely block these. Some programs, like BitTorrent, require running a server of sorts; you might want to either allow unknown connections to all user application ports, or find out what ports you'll need open so those services can still work. (Note: BitTorrent will still work, but you won't be able to seed, as no one could connect to you. Same goes for games like Starcraft: you can play multiplayer, but you can't host because no one can connect to you.)
 
Old 01-31-2007, 07:36 PM   #4
camorri
LQ Guru
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1, 14.2
Posts: 5,090

Rep: Reputation: 483
There are several anti-virus programs available for Linux. KlamAV is the one I use. F-prot is another that is free for Linux systems. Most viruses are written for windbloze systems. Still not a bad idea to run one. There are a very few viruses written for Linux.

As for someone bypassing your NAT and getting access to your wireless LAN, there are ways to secure this. There are at least two types of encryption. It all depends on your router and what it supports. Most support WEP; set up 128-bit WEP keys. You set this up in your router, and in the systems you want to have access. Make sure you change the default password for your router. Most companies publish the default information in PDF files anyone can download, so anyone can get access if they can connect to your router with the default password. There are other things you can do; have a look on the security forum for more information.

Most routers are firewalls. Have a look at your documentation and find out what it can do. You may not need any other firewall.
 
Old 01-31-2007, 08:10 PM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670
On the last message, I would recommend WPA encryption instead. There was a security forum sponsored by the FBI for business on wireless security. Two FBI agents cracked WEP in 3 minutes using only common open source tools in a live demonstration.

You should be able to include the MAC address of your AP in the configuration. While someone could try using your AP's MAC address to counter this, I think that WPA authentication (for both you and them) would fail if two APs used the same address. I haven't used Mandriva since wireless devices came out, so I'm not familiar with how you would configure this on your system.

By default, it is incoming connections that are blocked. You only need to worry about outgoing connections if you have a compromised root program trying to dial out. If that were the case, it would be "game over" anyway, regardless of the OS you were using, and you would need to reinstall to be safe.

The netfilter firewall on your computer will provide backup protection in case the NAT router or perhaps a Windows host on the wireless network has malware. You drop services that you don't want to answer, plus detect things like IP spoofing or SYN flooding.

If you are a bit paranoid, you could have the wireless device locked down harder, blocking all incoming non-established connections, and use a wired NIC cable to carry local net traffic. This would segregate wireless traffic to the outside zone and Samba, NFS, etc. traffic to the internal zone. (But you would lose the convenience of wireless. It would be more secure as long as none of the hosts are compromised.)
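
Added example (not part of any poster's message): the state-based desktop filter described in posts #3 and #5, written as a generator for an `iptables-restore` ruleset. It drops unsolicited inbound traffic, opens only the TCP ports you name, and logs each new outbound connection so you can see what the machine initiates. The function names, the `OUT-NEW: ` log prefix and port 6881 in the usage line are assumptions; `conntrack`/`--ctstate` is the current spelling of the older `state` match.

```shell
#!/bin/sh
# Added example: build a stateful desktop ruleset in iptables-restore format.
# Arguments are TCP ports that must accept unsolicited inbound connections
# (for instance a BitTorrent listener). With no arguments nothing is opened.

# Accept only plain decimal ports 1-65535 (no leading zeros, no signs).
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

gen_ruleset() {
    # Validate everything first so a bad argument yields no partial ruleset.
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    # Exceptions: ports where unknown hosts are allowed to connect in.
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Outbound stays allowed, but every new non-loopback connection is logged.
    cat <<'EOF'
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW -j LOG --log-prefix "OUT-NEW: "
COMMIT
EOF
}

# Print the ruleset for the ports given on the command line.
gen_ruleset "$@"
```

As root, `sh ruleset.sh 6881 | iptables-restore --test` parses the rules without loading them; drop `--test` to apply. The rules cover IPv4 only, so IPv6 needs its own set loaded with `ip6tables-restore`.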
 
Old 02-01-2007, 03:18 AM   #6
stupeas
Member
 
Registered: Jan 2007
Location: Manchester/U.K
Distribution: Mandriva Free 2007
Posts: 30

Original Poster
Rep: Reputation: 15
Thanks everyone. You couldn't get this kind of support for Windows. I think I'm going to like Linux.
 
  

