LinuxQuestions.org
Old 02-22-2004, 11:19 AM   #1
mooreted
Member
 
Registered: May 2003
Posts: 598

Rep: Reputation: 30
Do I really need to worry about security?


The more I search for the answers for this question, the more confused I get. I am just a guy with a Linux OS. I surf the web and check email. I have no other users, no servers, no remote access and a cable connection.

Here's the confusion: Some claim that hackers are around every corner trying to hack into your system and that you need constant monitoring and security hardening. I tend to take that with a grain of salt. I am not running a server and there's really not much on my hard drive anyone would want to steal. Others (including my cable company) say that hackers are looking for big companies to attack. They say that security on their server is more than adequate for the home user.

So who's right? Do I really need to spend hours and hours securing a simple desktop, stand-alone PC?

Ted.
 
Old 02-22-2004, 11:32 AM   #2
SirSlappy
Member
 
Registered: Jun 2003
Location: Glendale AZ
Distribution: Slackware 10
Posts: 153

Rep: Reputation: 30
security

Well, first off I wouldn't say you'd have to spend hours and hours securing a Linux box. It's not that hard.

However, just because you don't have anything on your HD worth looking at, doesn't mean hackers can't use your computer. Most of the time hackers break in a home computer to use your computer to hack other computers and sometimes to upload files to be distributed over the internet such as porn or a virus.

It is fairly important that you secure your computer. It isn't hard. All you need to do is spend 30 minutes looking at a firewall. I'm sure if you are new to Linux you are running RH and I think there's a GUI for a firewall. So it won't be bad.

So what if hackers hack from your box?? You will have to deal with your ISP and explain why you were trying to break into whitehouse.gov, etc.
 
Old 02-22-2004, 12:02 PM   #3
mooreted
Member
 
Registered: May 2003
Posts: 598

Original Poster
Rep: Reputation: 30
Oh, I didn't think of that. I know how to set up Shorewall to drop packets, I'll go set it up.

Most of the information on the 'net for securing Linux pertains to securing servers, not the desktop. I don't think I need such radical measures for a desktop. If there is a good place to read more information tailored for desktop users I would like to know about it. I will continue searching for information.

Thank you so much for your help,
Ted.
 
Old 02-22-2004, 12:39 PM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
SirSlappy makes excellent points.

I'll just add that, even though you didn't consciously set up any server software, most Linux distributions install some automatically (often at least Sendmail and Apache). You might not even be aware that they're running. Also, in addition to using a compromised machine to cover their tracks when they try to hack into bigger sites, crackers often will try to compromise massive amounts of machines and use them as "zombies" to launch Distributed Denial of Service attacks, such as the recent worm that caused infected computers to attack www.sco.com. One of the other really common things cracked boxes are used for is to send spam. I would say probably as much as 25% of all spam these days is being sent through compromised boxes.

If you want to learn more about how Linux boxes are compromised to send spam, read this article.
 
Old 02-22-2004, 01:15 PM   #5
mooreted
Member
 
Registered: May 2003
Posts: 598

Original Poster
Rep: Reputation: 30
Thank you very much for the info and the excellent link. I now have Shorewall set up to drop packets. All but one port is stealthed. Port 137 used for authentication is closed. I may experiment with stealthing that port too.

Have a good one,
Ted.
 
Old 02-22-2004, 09:12 PM   #6
SirSlappy
Member
 
Registered: Jun 2003
Location: Glendale AZ
Distribution: Slackware 10
Posts: 153

Rep: Reputation: 30
stealthed?

Um, by stealth you mean???

If it's not closed, then it's not safe. There are tons of scanners out there, nmap to name one, that can see straight through any "half-way" blocking of ports.

Find out what's running by doing:
nmap -vv localhost

This is most likely the easiest way for you to find out exactly what ports are open. Once you find out what's open, decide if you need that service. Most likely you won't need sendmail or apache. Samba might be running and there are tons of exploits for that out. If you're not gonna network with Windows, kill it. In other words, find out what you need and either kill the process of the rest or filter incoming traffic on those ports.
 
Old 02-22-2004, 10:45 PM   #7
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
I think you mean 113 (auth). Port 137 is used for NetBIOS Name Service.

Like SirSlappy says, if you don't need the services, you should disable them. Don't rely on a firewall to protect you if you're running unnecessary services. Yes, firewalls are good, but they're only secondary defense. The best defense is not having vulnerable services running in the first place.
 
Old 02-22-2004, 11:07 PM   #8
mooreted
Member
 
Registered: May 2003
Posts: 598

Original Poster
Rep: Reputation: 30
Yes, I know. I recently had to reinstall and am just now getting around to that. I now have all unneeded services stopped.

By stealth I mean that the port is not only blocked (closed) but incoming packets are dropped, ICMP echo requests never get back to the originating host so the port-scanner doesn't even know there is a computer out there.

So far I have set up the firewall, disabled services and installed all the latest patches. I should be fairly secure. I will run nmap just to be sure.

Thanks for all the help,
Ted.
 
Old 02-22-2004, 11:17 PM   #9
mooreted
Member
 
Registered: May 2003
Posts: 598

Original Poster
Rep: Reputation: 30
Here is the output from nmap:

Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2004-02-22 21:17 EST
Host localhost (127.0.0.1) appears to be up ... good.
Initiating SYN Stealth Scan against localhost (127.0.0.1) at 21:17
Adding open port 111/tcp
Adding open port 6000/tcp
Adding open port 631/tcp
The SYN Stealth Scan took 2 seconds to scan 1644 ports.
Interesting ports on localhost (127.0.0.1):
(The 1641 ports scanned but not shown below are in state: closed)
Port State Service
111/tcp open sunrpc
631/tcp open ipp
6000/tcp open X11

Looks pretty good?

Ted.
 
Old 02-23-2004, 01:04 AM   #10
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Disable portmapper (there should be a /etc/rc.d/init.d script for it)
Add -nolisten tcp to your xserver arguments
Make sure that only localhost is allowed to make connections to CUPSd

Other than that, you're set (assuming you're all up to date on security patches).
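
An added example, not part of the original post: a scan of 127.0.0.1 reports a port as open whether the daemon listens on every interface or only on loopback, so checking the CUPS advice above means looking at the bind address. The sketch assumes `netstat -tln` column layout (without `-p`); the sample lines are constructed to match the three ports in the scan from post #9.

```shell
#!/bin/sh
# Classify TCP listeners by bind address.
# Input (stdin): `netstat -tln`-style lines; State must be the last column.
# Output: "<port> <bind-address> <scope>" per listening socket.
classify_listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            local_addr = $4
            # Port is the text after the last colon (also works for :::22, ::1:631).
            n = split(local_addr, parts, ":")
            port = parts[n]
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback-only"
            else if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                scope = "all-interfaces"
            else
                scope = "specific-interface"
            print port, addr, scope
        }'
}

# Ports reachable from other hosts unless a packet filter blocks them.
exposed_ports() {
    classify_listeners | awk '$3 != "loopback-only" { print $1 }' |
        sort -n -u | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample: CUPS already restricted to localhost,
# portmapper and X11 still listening on all interfaces.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
EOF
}

sample_netstat | classify_listeners
echo "still exposed: $(sample_netstat | exposed_ports)"
```

On a live system, replace `sample_netstat` with `netstat -tln` and rerun after each change; the list of exposed ports should shrink as portmapper is disabled and X is started with `-nolisten tcp`.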
 
Old 02-23-2004, 09:09 AM   #11
mooreted
Member
 
Registered: May 2003
Posts: 598

Original Poster
Rep: Reputation: 30
Oh, thanks. I appreciate it. I disabled the portmapper service and I will now do as you suggested. I don't want to be one of those Linux users who think Linux is totally secure by default. Security is only as good as you make it no matter what OS you are using.

Have a great day,
Ted.
 
Old 02-23-2004, 09:47 AM   #12
SirSlappy
Member
 
Registered: Jun 2003
Location: Glendale AZ
Distribution: Slackware 10
Posts: 153

Rep: Reputation: 30
Ted,

I wish the rest of the people on here had as good of an attitude as you do. I'm glad I could help you. If ya need anything else, ooSirSlappyoo on AIM. Feel free to ask. Nice job in securing your box.
 
Old 02-23-2004, 05:37 PM   #13
mooreted
Member
 
Registered: May 2003
Posts: 598

Original Poster
Rep: Reputation: 30
Thanks for the help. I am a realist. The more popular Linux becomes, the more diligent we will have to be.

Have a great day,
Ted.
 
Old 02-24-2004, 01:41 AM   #14
chrisfirestar
Member
 
Registered: Sep 2003
Location: Adelaide, Australia
Distribution: Fedora/RH
Posts: 231

Rep: Reputation: 30
If you want to test your newly secured box, go to www.grc.com and run the ShieldsUp program. Also lots of interesting reading regarding DoS attacks.

By Stealth did you mean that the packets were DROPPED not REJECTED?
 
Old 02-24-2004, 02:18 AM   #15
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Why would he do ShieldsUp? He already ran nmap on his loopback adaptor. That will even find listening ports that ShieldsUp can't... I appreciate the effort to help, but know what you're talking about when you give advice.
 
  

