03-22-2007, 11:38 PM
|
#1
|
Member
Registered: Jun 2004
Location: KY
Distribution: Debian, Mint, Puppy
Posts: 507
Rep:
|
Am I safe??
I have kinda been wanting to dive into setting up iptables but sometimes I wonder if it is truly needed. Reason I say this, is b/c currently my home network is behind a router which of course has its own firewall. I have always been told that if you're behind a router with a firewall most often there is not much need for a 2nd software firewall. NOW, my Slack server does indeed run a few protocols (Samba, SSH, Apache, and so forth) but most of which are used on the LAN. I have only opened a few non-standard ports on the router to handle any of the protocols I wish to be public. And as I said they are on non-standard ports anyways. I have also been monitoring most all of my traffic that goes through my server and I hardly ever see anything that strikes me as suspicious. So is there much of a need for me to set up iptables or not?
|
|
|
03-22-2007, 11:44 PM
|
#2
|
Member
Registered: Oct 2003
Location: Texas (central)
Distribution: ubuntu,Slackware,knoppix
Posts: 323
Rep:
|
No, you are never safe. Do you have a log checker? I'd recommend logcheck. It's just a simple set of bash scripts that watch your log files for you and e-mail you when something atypical happens. Install it on all your machines.
|
|
|
03-24-2007, 01:57 PM
|
#3
|
Member
Registered: Jun 2004
Location: KY
Distribution: Debian, Mint, Puppy
Posts: 507
Original Poster
Rep:
|
I figured that'd be the answer I'd receive.
Of course, I was probably gonna mess with iptables anyways just b/c I have never set it up. I have done ACLs on Cisco equipment and from what I have seen of iptables they are kinda similar. I was curious though about it just b/c I'd be running 2 firewalls. Thanks again, and I'll check that program out.
|
|
|
03-25-2007, 10:52 AM
|
#4
|
Member
Registered: Jul 2004
Location: Perth , Western Australia
Distribution: Fedora Core 5 , Mint 9
Posts: 118
Rep:
|
Quote:
Originally Posted by Basslord1124
I have kinda been wanting to dive into setting up iptables but sometimes I wonder if it is truly needed. Reason I say this, is b/c currently my home network is behind a router which of course has its own firewall. I have always been told that if you're behind a router with a firewall most often there is not much need for a 2nd software firewall. NOW, my Slack server does indeed run a few protocols (Samba, SSH, Apache, and so forth) but most of which are used on the LAN. I have only opened a few non-standard ports on the router to handle any of the protocols I wish to be public. And as I said they are on non-standard ports anyways. I have also been monitoring most all of my traffic that goes through my server and I hardly ever see anything that strikes me as suspicious. So is there much of a need for me to set up iptables or not?
|
To test if your router is doing its job and to see if you have any open ports, do a quick check on the ShieldsUp web page, it does port scans for up to 1024 ports and you can test any individual port as well as a few other security tests.
ShieldsUp! Website
|
|
|
03-25-2007, 11:14 AM
|
#5
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,867
|
I use the shorewall tool to conveniently manage the iptables (firewall) settings of my machines. Each machine runs its own software-firewall and the whole shebang lives behind another firewall in the router.
We have a sensitive database-server that lives behind a second, VPN-enabled router (within the network) and all of the systems who want to talk to that server have to go through VPN to get there. This is our "inner sanctum."
Computer-system security is like any other kind of security: "it's not the locks, it's what you do with them." And to do the right thing with them, you need to acquire a basic understanding of what sort of threats you might reasonably face.
Ironically, one of the most-basic things that one should do with locks .. namely, "lock them!" .. is precisely the one thing that millions upon millions of Windows users do not do. Go figure...
|
|
|
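A host firewall for the kind of server described in this thread (Samba for the LAN only, SSH and Apache published on non-standard ports through the router), as an added example that is not part of any post. The LAN range 192.168.1.0/24, the ports 2222 and 8080, and the function name `emit_rules` are assumptions; the output is in iptables-restore format.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset for a LAN server that
# also sits behind router port-forwards. Nothing here touches the kernel;
# the function only prints rules so they can be reviewed before loading.
# Assumed values (not from the thread): LAN 192.168.1.0/24, SSH on 2222,
# Apache on 8080. "-m state" is the match of that era; newer systems use
# "-m conntrack --ctstate" with the same state names.

emit_rules() {
    lan="$1"          # CIDR of the trusted LAN
    public_tcp="$2"   # space-separated TCP ports the router forwards in
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $lan -p icmp --icmp-type echo-request -j ACCEPT
EOF
    # Services meant to be public: reachable from any source address.
    for port in $public_tcp; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Samba stays LAN-only even if the router is later opened by mistake
    # (DMZ host, UPnP mapping, a wrong port-forward).
    cat <<EOF
-A INPUT -s $lan -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -s $lan -p tcp -m multiport --dports 139,445 -m state --state NEW -j ACCEPT
-A INPUT -m limit --limit 6/min -j LOG --log-prefix "INPUT drop: "
COMMIT
EOF
}

# Print the ruleset for the assumed values.
emit_rules 192.168.1.0/24 "2222 8080"
```

Piping the output to `iptables-restore --test` as root parses the rules without committing them; the rate-limited LOG rule gives a log checker such as logcheck something to report on.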
03-27-2007, 12:11 AM
|
#6
|
LQ Newbie
Registered: Feb 2007
Distribution: Ubuntu
Posts: 27
Rep:
|
Quote:
Originally Posted by sandgroper
To test if your router is doing its job and to see if you have any open ports, do a quick check on the ShieldsUp web page, it does port scans for up to 1024 ports and you can test any individual port as well as a few other security tests.
ShieldsUp! Website
|
What a cool link! How can I determine which ports to scan? (I'm a newbie.)
|
|
|
03-27-2007, 01:44 AM
|
#7
|
Member
Registered: Mar 2007
Posts: 119
Rep:
|
Brilliant, you ask if you are safe in the security forum.
I will play devil's advocate a bit then.
Adding iptables/netfilter to your host will mean there is extra code now running that may offer a vulnerability in your host.
Your router most probably has a NAT running and whilst yes there are ways to compromise you through the NAT they generally involve you running malformed software.
NAT offers fairly good defense coupled with common sense in your software selection.
The majority of Windows hosts that get compromised are generally those who connect directly to the net and to be honest Linux boxes connected directly to the net can also suffer quite easily, especially if the server option has been turned on when installing the distro.
Is the iptables/netfilter suite examined for security vulnerabilities? You bet it is - so running iptables is not a bad option to add an extra layer of security.
But, do be aware firewalls have been the target for exploitation in the past, it is hard to write secure code, even harder in a commercial environment when people have to meet deadlines and add features for the marketing people who want to go to press at a certain time.
Snort has been subject to a recent vulnerability IIRC, so once you embark on the security path you need to have a few places to go to make sure your security toolkit is working as it should.
|
|
|
All times are GMT -5.