LinuxQuestions.org
Old 01-15-2005, 05:59 AM   #1
shawn59
LQ Newbie
 
Registered: Dec 2004
Location: poole
Distribution: suse 10
Posts: 7

Rep: Reputation: 0
How do I know that my firewall is operating correctly?


I have just started to use SuSE 9.1. Having previously used Windows XP, I used ZoneAlarm Firewall. This was fine and I was asked by applications whether they were to be allowed internet access. However, with SuSE, having configured the firewall, I get no such questions and I do not have any icon to show that a firewall is active. Is this usual for Linux or should I download a further firewall? Please help, as I am very security conscious but am slightly baffled by Linux, as I have only used it for a day or so.
 
Old 01-15-2005, 09:05 AM   #2
koen plessers
Member
 
Registered: Aug 2003
Location: Belgium
Distribution: Mint
Posts: 191

Rep: Reputation: 30
Hello

Yes, ZoneAlarm, it is very good indeed, but there is no such thing for Linux. Unless someone came up with it lately?

But that doesn't mean that there are no good firewalls for Linux. Linux even has one built in. I repeat for the people in Redmond: Linux has one built in. They aren't listening...

But how to use it? I use Shorewall, you can download it from www.shorewall.net.

Two tips I give you:

- to not give an icmp echo (people won't even notice you're there) add this to /etc/shorewall/rules:
DROP net fw tcp 113,135
DROP net fw icmp 8

- you can test your security settings at https://www.grc.com/x/ne.dll?bh0bkyd2

Have a lot of safe fun ;-)

Koen Plessers
 
Old 01-15-2005, 12:52 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Might also want to have a look at guarddog and firestarter. Firestarter has a look and feel similar to ZoneAlarm in particular.
 
Old 01-22-2005, 10:28 AM   #4
shawn59
LQ Newbie
 
Registered: Dec 2004
Location: poole
Distribution: suse 10
Posts: 7

Original Poster
Rep: Reputation: 0
THANK YOU GUYS FOR YOUR ADVICE. I AM USING SHOREWALL AT PRESENT, BUT FIND IT STRANGE THAT I NEVER GET A REQUEST TO ALLOW ACCESS TO THE INTERNET OR TO RECEIVE. IS THIS USUAL OR AM I MISSING SOMETHING?
 
Old 01-22-2005, 11:08 AM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
I AM USING SHOREWALL AT PRESENT, BUT FIND IT STRANGE THAT I NEVER GET A REQUEST TO ALLOW ACCESS TO THE INTERNET OR TO RECEIVE. IS THIS USUAL OR AM I MISSING SOMETHING?

Not really. Most Linux firewalls don't prompt a user to make on-the-fly decisions on whether or not to allow certain types of traffic or allow certain applications to connect out (in fact I'm not aware of any). In my opinion, that's probably a good thing, because for the most part users will just click "OK" and allow traffic even though they may not know whether it's legitimate or not, which basically turns the firewall into Swiss cheese after time. Plus along those lines, the average user isn't going to know what "Svchost.exe" is anyway and the warning messages that ZoneAlarm-like apps produce are basically worthless. If you'd like to be notified about odd connection attempts, you can add an iptables rule that logs any outbound connection attempts on non-standard ports.

From a security standpoint though, there are probably more effective means for detecting intrusions, like file alteration detection, host/network IDS, rootkit detection, etc.
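
The logging rule described in the post above, as an added example that is not part of the original post: it prints iptables commands that log new outbound TCP connections to ports outside an allow-list, then summarises the resulting kernel log lines by destination port and UID. The port list, the chain name LOG_ODD_OUT, the "OUT-ODD: " prefix and the sample log lines are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). The allow-list, chain name and log
# prefix below are assumptions; adjust them to the services you really use.
ALLOWED_PORTS="${ALLOWED_PORTS:-22,25,53,80,110,143,443,993,995}"
LOG_PREFIX="OUT-ODD: "

# Print (do not run) the rules; review them, then pipe to "sh" as root.
# The rules only log, they do not block. --log-uid records the UID of the
# local process that opened the connection; the limit match stops a noisy
# program from flooding the kernel log.
gen_rules() {
    cat <<EOF
iptables -N LOG_ODD_OUT
iptables -A LOG_ODD_OUT -m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix "$LOG_PREFIX" --log-uid
iptables -I OUTPUT 1 ! -o lo -p tcp -m conntrack --ctstate NEW -m multiport ! --dports $ALLOWED_PORTS -j LOG_ODD_OUT
EOF
}

# Read kernel log lines on stdin and print "count port uid", busiest first.
summarize() {
    awk -v prefix="$LOG_PREFIX" '
        index($0, prefix) {
            dpt = uid = "?"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
                if ($i ~ /^UID=/) uid = substr($i, 5)
            }
            seen[dpt " " uid]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2,2n
}

# Constructed sample lines (shortened, documentation addresses), not real logs.
sample_log() {
    cat <<'EOF'
Jan 22 11:10:01 host kernel: OUT-ODD: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=40000 DPT=6667 SYN UID=1000 GID=100
Jan 22 11:10:09 host kernel: OUT-ODD: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=40001 DPT=6667 SYN UID=1000 GID=100
Jan 22 11:12:30 host kernel: OUT-ODD: IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40002 DPT=31337 SYN UID=0 GID=0
Jan 22 11:13:00 host kernel: eth0: link up
EOF
}

gen_rules
sample_log | summarize
```

On a live system, feed summarize from the kernel log instead of sample_log, for example the output of dmesg.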
 
Old 01-28-2005, 02:57 AM   #6
edsmithers
Member
 
Registered: Jul 2003
Distribution: slackware 9.1
Posts: 45

Rep: Reputation: 15
more about application level control

i use iptables with guarddog on slackware. i'm not very familiar with the intrusion detection options (rootkit etc) given but I assume it is easier/better to configure a complete security solution with linux.

however, i'm still unclear about whether i'm missing out on something without application level control through iptables. as long as i have no malicious software installed, then my firewall will reject all illegal connections. but if for some reason an evil app is hidden on my system, can it not access the internet through a valid port and protocol and do some kind of damage, since iptables will see it only as permissible connection and not a disallowed app? so i would need a security system in addition to iptables to protect against this?

i think in windows the problem is that it's so easy to get spyware and other crap auto installed and not even know about it. even though this is far less likely in linux, if it did happen i don't see how i could stop it with my current configuration.
 
  

