LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-08-2003, 02:03 PM   #1
darkpark
LQ Newbie
 
Registered: Nov 2003
Location: NW Indiana
Distribution: Ubuntu 6.06 LTS
Posts: 18

Rep: Reputation: 0
should I bother with configuring security on my linux box if...


I already have a firewall on my inexpensive Netgear dsl/cable router. additionally, i have mac address filtering enabled too.
 
Old 12-08-2003, 03:10 PM   #2
stingx
Member
 
Registered: Oct 2002
Location: NYC
Distribution: Linux Mint 12 Mate
Posts: 54

Rep: Reputation: 15
Re: should I bother with configuring security on my linux box if...

Quote:
Originally posted by darkpark
I already have a firewall on my inexpensive Netgear dsl/cable router. additionally, i have mac address filtering enabled too.
You should ALWAYS turn off unnecessary services/ports. Disable ftp and telnet (use ssh and sftp) as a start, ditch sendmail if you don't need it, etc.

Of course, if you really don't feel like it, screw it...
 
Old 12-08-2003, 03:33 PM   #3
darkpark
LQ Newbie
 
Registered: Nov 2003
Location: NW Indiana
Distribution: Ubuntu 6.06 LTS
Posts: 18

Original Poster
Rep: Reputation: 0
I most definately would rather not have to do it... (i'm one lazy sob) but is the security on those inexpensive dsl/cable routers good enough for the home?
i'm not running a business or anything of that sort but i would like some security.
 
Old 12-08-2003, 04:58 PM   #4
Blinker_Fluid
Member
 
Registered: Jul 2003
Location: Clinging to my guns and religion.
Posts: 682

Rep: Reputation: 63
What have you got to loose? (there's your answer to how important it is...)
I Have my home system behind a D-link router have left all the ports closed on the router and my ISP doesn't give me an external IP so I'm not really worried about my box at home... Of course most the stuff I want to keep I burn to CD so even if I was hacked I fdisk and start from scratch.
 
Old 12-08-2003, 05:57 PM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
One thing to always keep in mind is that the various routers/modems/and even firewall appliances have vulnerabilities just like anything else. They may not occur as often, simply because they have limited applications that are exposed, but they do happen. If you want to set up a secure LAN, you should not be following the "hard outer-shell, with soft interior" model. You want something that is multi-layered, has rendundant functions to fall back on, and if you have the hardware is capable of detecting abnormalities inside the LAN. So why not use multiple firewalls, use tcp_wrappers and iptables, and remove un-needed apps (as per the good advice of stingx). That way you'll avoid a whole lot more grief if/when someone comes up with an exploit for you router.
 
Old 12-09-2003, 12:49 AM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
You're looking at it wrong. You shouldn't ask "why should I bother?" you should ask "why don't more people bother?"

Ever wonder how the Code Red worm spred? What about SQL Slammer? You would think firewalls would stop them, right? WRONG. Those worms went nuts because they used services that were allowed THROUGH the firewall. A firewall is not a panecea, it's not a solve-all solution. A firewall is just to give you a little buffer, a little *extra* protection over what you've already implemented.

Security should always work inside out. Protect your systems with widening rings. Why is this? Because over 80% of system compromises happen from insiders. An insider is anyone who was permitted access to your system at some level or another, then exploited that access to wreak havoc.

By now you're still thinking, "so what?" "So I'll just reformat if I get cracked." While your data might not be important, I'll bet you like using Google. I'll bet you don't like receiving spam, you may even use Amazon or ebay occasionally. Now it's really annoying when you can't use those sites because they're getting DDoS'd, or when you have to go through 200 e-mails in the morning because of spam.

Where am I going with this? Well where do you think DDoS's come from? Where do you think the majority of spam comes from? COMPROMISED MACHINES FROM PEOPLE LIKE YOU WHO DON'T THINK IT'S "WORTH IT" TO SECURE THEIR BOXES!!! The vast majority of computer users are exactly like you, which is why it's so easy to trojan a bunch of boxes and launch a DDoS or a massive flood of spambots.

Take it from a professional security engineer: secure your machines.
 
Old 12-09-2003, 08:15 AM   #7
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: KirraMail Live Email Server
Posts: 1,279

Rep: Reputation: 61
I have a home network as well with a router, i also run a firewall between my router and the cable modem. I too have nothing of any value on my network, if they crashed it, it would be more time lost if anything, but making it easier for them is not the answer. My system is not the most secure it could be, but with time and learning it will be, with security it's a constant learning curve, never set and forget, your always learning.
 
Old 12-11-2003, 12:18 PM   #8
Aftiel
LQ Newbie
 
Registered: Dec 2003
Posts: 1

Rep: Reputation: 0
I use the Homeportal 2-wire DSL modem/router - which has some decent firewall protection.

My network is behind it - 1 linux box, 4 windows machines.

The Homeportal allows for good updates to the firewall software, so in my case I dont run client firewalls.

However, I DO run nessus against my router, as well as nmap to check/update any vulnerabilities.


I also keep my Linux box completely patched at all times.

In the past 2 weeks my firewall logs have recorded 6 hacker attacks - none got through, all were logged.

In my case, nessus shows no vulnerabilities in my router (with the latest software,) so "I" feel running firewalls behind that one (for me) is overkill.

Bear in mind however, that e-v-e-r-y-t-h-i-n-g is patched and up-to-date.

Does your router do NAT and stateful packet inspection I assume? Along with limiting outbound (as well as inbound) traffic?

.: Aftiel
 
Old 12-11-2003, 09:37 PM   #9
2damncommon
Senior Member
 
Registered: Feb 2003
Location: Calif, USA
Distribution: Debian Wheezy
Posts: 2,839

Rep: Reputation: 48
I set up the simple Firestarter firewall on my PC, even though it is behind a firewall. It takes hits sometimes (visable in the log). I assume if someone knows how to exploit a vulnerability they could get into my system. If it also has unneeded services shutdown, and unnneeded access firewalled off, they will have a tougher time. It is not that hard to do.
You are making the choice of "convince me I really need to do this" against "HELP ME, I HAVE BEEN HACKED!!!!!" right now. What do you think you should do?
Good Luck.

Last edited by 2damncommon; 12-11-2003 at 09:40 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Need help configuring an old linux box with wireless interface connect to network itrap2003 Linux - Wireless Networking 3 06-25-2004 12:50 PM
How to build a Linux Security / Hack Box Pistol Linux - Newbie 4 10-31-2003 01:36 PM
Going INSANE with Apache and Configuring my Linux Box biggdady6998 Linux - Software 5 08-10-2003 11:08 PM
should i bother with all this security adamezzer Linux - Security 3 01-05-2002 03:56 PM
Your advice re: configuring a new Linux box lhoff Linux - General 1 09-01-2001 11:53 AM


All times are GMT -5. The time now is 06:21 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration