LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-29-2007, 03:22 AM   #1
kantor_98
Member
 
Registered: Jan 2007
Posts: 68

Rep: Reputation: 15
Do I need protection in Fedora net ?


I have fedora 7 installed in an UPC romanian cable net. I have no antivirus and the firewall settings for fedora are disabled. It is OK ? Can I be in danger ? I also have win XP n the computer. When on the net in Linux, could somebody affect my win partition ?
Maybe it sound like a stupid question, but if I new the answer I would not ask !
Thank you !
 
Old 09-29-2007, 03:50 AM   #2
anotherlinuxuser
Member
 
Registered: Jan 2007
Location: Alberta Canada
Distribution: Fedora/Redhat/CentOS
Posts: 68

Rep: Reputation: 19
Without a firewall running, your system will be accessible from the 'Net unless it is behind a router of some sort. If your network cable is plugged directly from your computer into a cable/adsl modem, you need a firewall running on Linux just as you do on Windows.

Fedora's 'Security Level and Firewall' app in the Administration menu is good a good start. Enable the firewall and turn of all trusted services, unless you have good reason to leave them as trusted.

If someone does manage to log onto your system, they would need 'root' access to really hurt your system, but you don't want anyone logging on anyways.

Anti-virus isn't as big a concern, but there are some good free anti-virus programs available for linux, just search web.

Good Luck
 
Old 09-29-2007, 03:55 AM   #3
IndyGunFreak
Senior Member
 
Registered: Aug 2003
Location: Indpls
Distribution: Laptops: Debian Jessie XFCE, NAS: OpenMediaVault 3.0
Posts: 1,355

Rep: Reputation: 70
I personally have always felt adequately protected under Linux with just a hardware firewall/router(which I think everyone should have anyways). I don't trust a software firewall to do the job a hardware firewall should be doing.

Are you behind a router?

IGF
 
Old 09-29-2007, 04:20 AM   #4
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
There is no 100% secure way to network your computer to an untrusted network, and there is no single measure which will provide near invulnerability. Security is not a bolt-on you should keep it in mind when you do anything.

If you have no firewall, and are not behind a NAT router, other internet users can and probably will try to connect to your computer. There are always bots scanning the net, especially in cable and DSL IP ranges.

Don't run un-necessary services. Don't run a web server you don't need, FTP server, ssh server and so on. You can find out which programs are listening for connections like this (run this command as root or with sudo):
Code:
netstat -l -t -p
You will probably have some results there. Understand what they are, and if you don't need them, turn them off, or set them up so they only respond to your local machine or IPs on your local (home) network.

If you are behind a NAT router, make sure uPNP is turned off if don't use it. Also, make sure port forwarding it set up so that only incoming traffic which you absolutely need to forwarded to your computer. Port forwarding is often called "virtual servers" in domestic routers.

It's a good idea to check what ports are open on your machine using a web based service such as shields up.

Of course, this is not enough for good security - you also need to avoid risky behaviour when you are using net services. This means knowing not to run code from untrusted sources, checking certificates, not opening attachments, turning off javascript in your browser whenever possible (use noscript and adblock for firefox). etc. etc.

There is no magic bullet - you have to be part of the process and guard against risky behaviour.

Linux has a better track record than Windows when it comes to security, but it is not a perfectly secure system. The reasons for Window's bad record are numerous and some of them controversial. I don't think this is a good place to have that discussion.

On the specific question about whether someone can access your Windows partition when you use Linux... Do you share this partition using samba or some other network file system technology? If so, you need to make sure it is only accessible from machines which should have access to it and that the connection requires authentication. Take both of these precautions, not just one of them.

Last edited by matthewg42; 09-29-2007 at 04:23 AM.
 
Old 09-29-2007, 04:45 AM   #5
IndyGunFreak
Senior Member
 
Registered: Aug 2003
Location: Indpls
Distribution: Laptops: Debian Jessie XFCE, NAS: OpenMediaVault 3.0
Posts: 1,355

Rep: Reputation: 70
Quote:
Originally Posted by matthewg42 View Post
There is no 100% secure way to network your computer to an untrusted network, and there is no single measure which will provide near invulnerability. Security is not a bolt-on you should keep it in mind when you do anything.

If you have no firewall, and are not behind a NAT router, other internet users can and probably will try to connect to your computer. There are always bots scanning the net, especially in cable and DSL IP ranges.

Don't run un-necessary services. Don't run a web server you don't need, FTP server, ssh server and so on. You can find out which programs are listening for connections like this (run this command as root or with sudo):
Code:
netstat -l -t -p
You will probably have some results there. Understand what they are, and if you don't need them, turn them off, or set them up so they only respond to your local machine or IPs on your local (home) network.

If you are behind a NAT router, make sure uPNP is turned off if don't use it. Also, make sure port forwarding it set up so that only incoming traffic which you absolutely need to forwarded to your computer. Port forwarding is often called "virtual servers" in domestic routers.

It's a good idea to check what ports are open on your machine using a web based service such as shields up.

Of course, this is not enough for good security - you also need to avoid risky behaviour when you are using net services. This means knowing not to run code from untrusted sources, checking certificates, not opening attachments, turning off javascript in your browser whenever possible (use noscript and adblock for firefox). etc. etc.

There is no magic bullet - you have to be part of the process and guard against risky behaviour.

Linux has a better track record than Windows when it comes to security, but it is not a perfectly secure system. The reasons for Window's bad record are numerous and some of them controversial. I don't think this is a good place to have that discussion.

On the specific question about whether someone can access your Windows partition when you use Linux... Do you share this partition using samba or some other network file system technology? If so, you need to make sure it is only accessible from machines which should have access to it and that the connection requires authentication. Take both of these precautions, not just one of them.
I agree with all of the above. I've tweaked my SPI firewall quite a bit over the last year, year and a half, and while I'm sure someone could get on my network, I at least hope to make them work at it.

This is one reason I just don't trust wireless networks.

IGF
 
Old 09-29-2007, 07:23 PM   #6
kantor_98
Member
 
Registered: Jan 2007
Posts: 68

Original Poster
Rep: Reputation: 15
I shared my win partitions only to myself in fedora (from the root, to the normal user). But to nobody else in the net. Safe enough ?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
lose the net in fedora kantor_98 Linux - Newbie 1 09-29-2007 04:01 AM
Fedora protection mickeyboa Fedora 3 11-08-2006 12:50 PM
LXer: Asigra upgrades its net service for multi-OS protection LXer Syndicated Linux News 0 02-15-2006 07:31 PM
Fedora net upgrade? phishphan420 Linux - Software 4 02-14-2006 09:21 PM
want fedora screensavers, but not on net maccam912 Linux - Newbie 2 08-03-2005 09:14 AM


All times are GMT -5. The time now is 12:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration