LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-18-2004, 09:01 AM   #1
koyi
Member
 
Registered: Jul 2003
Location: Osaka, Japan
Distribution: Arch, Ubuntu
Posts: 421

Rep: Reputation: 31
Is this safe enough?


I just learned to use iptables to protect my box. This is just a personal box which I work and do casual things on. Not a server or router. This is the output from iptables -L:

Code:
bash-2.05b# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  localhost            anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
bash-2.05b#
As you can see, I allow all data out of my box(Chain OUTPUT).
I just wonder if this is safe enough?
All suggestions welcome

Thanks.
 
Old 08-18-2004, 02:40 PM   #2
iceman47
Senior Member
 
Registered: Oct 2002
Location: Belgium
Distribution: Debian, Free/OpenBSD
Posts: 1,123

Rep: Reputation: 47
It can never be safe enough.
That setup won't drop non-routable ip adresses, allows you box to be pinged, allows potential
crackers to connect to everywhere once on your box and so on.
I'd call that a _very_ basic setup, just as safe as a closed but not locked door.
 
Old 08-18-2004, 08:57 PM   #3
koyi
Member
 
Registered: Jul 2003
Location: Osaka, Japan
Distribution: Arch, Ubuntu
Posts: 421

Original Poster
Rep: Reputation: 31
Thanks for replying.

Is there any good cookbooks or samples around with a reasonable setup for a desktop like this? Or should I tighten the security to the level of a network server?

Actually this box is not connected directly to the Internet. It connects to the Internet through a DSL modem with a router built-in. And I dun think there is a firewall function in that modem.
 
Old 08-18-2004, 10:45 PM   #4
iceman47
Senior Member
 
Registered: Oct 2002
Location: Belgium
Distribution: Debian, Free/OpenBSD
Posts: 1,123

Rep: Reputation: 47
It won't hurt to secure your desktop like a server and it's great practice.
http://www.netfilter.org/ will help you further or if you want to do it easy, check http://www.shorewall.net.
 
Old 08-18-2004, 10:50 PM   #5
koyi
Member
 
Registered: Jul 2003
Location: Osaka, Japan
Distribution: Arch, Ubuntu
Posts: 421

Original Poster
Rep: Reputation: 31
Thanks for the info, I will try to read them when I am free. Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is sock_sendmsg MP safe gsreekanth1 Linux - Networking 0 07-05-2005 01:27 AM
Is it safe ? Alex_jacobson Solaris / OpenSolaris 2 03-02-2005 01:24 PM
How safe am I? bad_andy Linux - Security 2 01-29-2005 01:47 PM
Is raid safe ? ziz Linux - Hardware 2 03-04-2004 06:05 AM
is it safe... violaten Linux - Hardware 1 08-03-2003 02:56 AM


All times are GMT -5. The time now is 12:34 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration