LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Is this safe enough? (http://www.linuxquestions.org/questions/linux-security-4/is-this-safe-enough-219232/)

koyi 08-18-2004 10:01 AM

Is this safe enough?
 
I just learned to use iptables to protect my box. This is just a personal box which I work and do casual things on. Not a server or router. This is the output from iptables -L:

Code:

bash-2.05b# iptables -L
Chain INPUT (policy DROP)
target    prot opt source              destination       
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    all  --  localhost            anywhere           

Chain FORWARD (policy DROP)
target    prot opt source              destination       

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination       
bash-2.05b#

As you can see, I allow all data out of my box(Chain OUTPUT).
I just wonder if this is safe enough?
All suggestions welcome :)

Thanks.

iceman47 08-18-2004 03:40 PM

It can never be safe enough.
That setup won't drop non-routable ip adresses, allows you box to be pinged, allows potential
crackers to connect to everywhere once on your box and so on.
I'd call that a _very_ basic setup, just as safe as a closed but not locked door.

koyi 08-18-2004 09:57 PM

Thanks for replying. :)

Is there any good cookbooks or samples around with a reasonable setup for a desktop like this? Or should I tighten the security to the level of a network server?

Actually this box is not connected directly to the Internet. It connects to the Internet through a DSL modem with a router built-in. And I dun think there is a firewall function in that modem.

iceman47 08-18-2004 11:45 PM

It won't hurt to secure your desktop like a server and it's great practice.
http://www.netfilter.org/ will help you further or if you want to do it easy, check http://www.shorewall.net.

koyi 08-18-2004 11:50 PM

Thanks for the info, I will try to read them when I am free. Thanks :)


All times are GMT -5. The time now is 12:55 AM.