LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 06-10-2003, 04:03 AM   #1
futurist
Member
 
Registered: Mar 2002
Location: malaysia
Distribution: Mandriva 2006 RC1
Posts: 486

Rep: Reputation: 30
Wink Do I need firewall when use linux to surf net ?


is linux easily hacked ?
in windows, i use norton personal firewall.
 
Old 06-10-2003, 07:19 AM   #2
quip
Member
 
Registered: Jun 2003
Distribution: Slackware
Posts: 100

Rep: Reputation: 15
Quote:
is linux easily hacked ?
It depends on who is doing the hacking. Since linux is not as widely used as windows, and due to the difference between root and user, it is more secure out of the box and not as much of a target as windows, so it gets attacked less.

As for the firewall, it's your lucky day. Linux already has a firewall built right into your kernel called iptables It probably came set up to deny all incoming and allow all outgoing when you installed mandrake and rh. If you would like to configure it (it's not difficult and it is extremely configurable) then look into something like shorewall or gShield.
 
Old 06-10-2003, 07:23 AM   #3
BigNate
Member
 
Registered: Mar 2003
Location: Harrisburg, PA
Distribution: Gentoo, Debian, Ubuntu, Red Hat/CentOS
Posts: 719

Rep: Reputation: 30
RedHat has a gui config tool for iptables.

$/usr/sbin/lokkit

Good Luck!
 
Old 06-10-2003, 07:37 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,335
Blog Entries: 55

Rep: Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535
Do I need firewall when use linux to surf net ?
Without exeptions, if your box is connected to an untrusted network, you do need a firewall. Be aware tho just *having* a firewall doesn't mean necessarily it is secure by default unless you have a default policy of "deny" or "drop" for inbound traffic.

is linux easily hacked ?
That depends on what services you are running, how they are protected and if they are updated if security issues are known.
Take a default RH 6.0 install with RPC, BIND etc etc, and you'll have root in no time, independant of your skills (but depending on your skills to find the right skiddie tools :-] ).


Since linux is not as widely used as windows, and due to the difference between root and user, it is more secure out of the box and not as much of a target as windows, so it gets attacked less.
Wrong assumptions. Linux is not more secure out of the box because of only privilege separation: it's not a "lazy man's OS" and you should put in some work to secure it. Linux will only be more secure out of the box it is installed with up to date apps, daemons not listening to world as default and proper access restrictions wrt configuration, TCP Wrappers, PAM and firewall. Also Linux is not attacked less because it's "not as widely used as windows". Linux usage *is* widespread (have a look at for instance Netcraft's surveys). Whatever their purpose, Linux servers are powerfull, configurable, and in some instances not well looked after. The ideal hideout to "do some work" for some people.
 
Old 06-10-2003, 07:56 AM   #5
quip
Member
 
Registered: Jun 2003
Distribution: Slackware
Posts: 100

Rep: Reputation: 15
Quote:
Without exeptions, if your box is connected to an untrusted network, you do need a firewall. Be aware tho just *having* a firewall doesn't mean necessarily it is secure by default unless you have a default policy of "deny" or "drop" for inbound traffic.
When I installed mandrake 9.1, it asked what services I would like to make avaiable to the internet. When I said none, it set up as default drop. This is all I was referring to.

Quote:
Wrong assumptions. Linux is not more secure out of the box because of only privilege separation: it's not a "lazy man's OS" and you should put in some work to secure it. Linux will only be more secure out of the box it is installed with up to date apps, daemons not listening to world as default and proper access restrictions wrt configuration, TCP Wrappers, PAM and firewall. Also Linux is not attacked less because it's "not as widely used as windows". Linux usage *is* widespread (have a look at for instance Netcraft's surveys). Whatever their purpose, Linux servers are powerfull, configurable, and in some instances not well looked after. The ideal hideout to "do some work" for some people.
True, you must put in the work. Patches and proper config are essential. However, for someone who is running two boxes (or at least a dual boot, look under his name) with 250 posts, this person should know that patches and updated software is essential. I probably should have said something, though.
I know about netcraft's surveys; when I said that linux is not as widespread, I meant desktop, which is true, and since I doubt this person is setting up a server, then that is the situation that applies to him/her.
 
Old 06-10-2003, 08:29 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,335
Blog Entries: 55

Rep: Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535
When I installed mandrake 9.1, it asked what services I would like to make avaiable to the internet. When I said none, it set up as default drop. This is all I was referring to.
Np, one of the things I learned is that I usually need to give a reason why someone should do something and explain stuff in some detail because I can't assume the knowledge is there (and hardly anyone posts what/how they did something in detail to prove it), it allows them to make a decision themselves, and it benefits ppl who'll search LQ later on and read this thread.


However, for someone who is running two boxes (or at least a dual boot, look under his name) with 250 posts, this person should know that patches and updated software is essential. I probably should have said something, though.
I'm not attacking you, but post count != knowledge. One of our jobs as mods is to clear up stuff where we can. Stating the obvious is sometimes necessary.


I know about netcraft's surveys; when I said that linux is not as widespread, I meant desktop, which is true, and since I doubt this person is setting up a server, then that is the situation that applies to him/her.
Even tho a Linux/GNU box has been set up as a "desktop" box, in essence the whole underlying system *is* a server regardless of you wanting it or not: it's how Linux/GNU handles things. Server system = server responsabilities = server security.
 
Old 06-10-2003, 01:23 PM   #7
quip
Member
 
Registered: Jun 2003
Distribution: Slackware
Posts: 100

Rep: Reputation: 15
I just reread my post, and I seem like I'm kinda pissed. Didn't mean to, I apologize. It was early in the morning and while I am still a relative newb, I didn't want to come off looking like a complete nimrod because I wasn't clear enough and just signed up (so I only have five posts or something.)

Anyway, thanks for the patience.
 
Old 06-10-2003, 01:43 PM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,335
Blog Entries: 55

Rep: Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535Reputation: 3535
I just reread my post, and I seem like I'm kinda pissed.
Hmm. No, no need to apologize, you tried to explain your part, I mine. That's kewl to me, at least we try to make things clear...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
proxy settings to surf the net megadsonic Linux - Newbie 3 10-07-2005 07:06 PM
unable to surf the net when firestarter in use. greythorne Ubuntu 6 07-16-2005 02:41 AM
linksys router won't let me surf the net Neomaster Linux - Networking 12 12-10-2003 09:28 AM
Connected to network but canīt surf the net jimdaworm Linux - Networking 3 08-19-2003 02:44 PM
about surf net via dial-up modem laxi Linux - General 2 07-13-2003 03:06 AM


All times are GMT -5. The time now is 02:41 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration