LinuxQuestions.org
Old 03-22-2007, 11:38 PM   #1
Basslord1124
Member
 
Registered: Jun 2004
Location: KY
Distribution: Debian, Mint, Puppy
Posts: 507

Rep: Reputation: 51
Am I safe??


I have kinda been wanting to dive into setting up iptables but sometimes I wonder if it is truly needed. Reason I say this, is b/c currently my home network is behind a router which of course has its own firewall. I have always been told that if you're behind a router with a firewall most often there is not much need for a 2nd software firewall. NOW, my Slack server does indeed run a few protocols (Samba, SSH, Apache, and so forth) but most of which are used on the LAN. I have only opened a few non-standard ports on the router to handle any of the protocols I wish to be public. And as I said they are on non-standard ports anyways. I have also been monitoring most all of my traffic that goes through my server and I hardly ever see anything that strikes me as suspicious. So is there much of a need for me to set up iptables or not?
 
Old 03-22-2007, 11:44 PM   #2
Jerre Cope
Member
 
Registered: Oct 2003
Location: Texas (central)
Distribution: ubuntu,Slackware,knoppix
Posts: 323

Rep: Reputation: 37
No, you are never safe. Do you have a log checker? I'd recommend logcheck. It's just a simple set of bash scripts that watch your log files for you and e-mail you when something atypical happens. Install it on all your machines.
 
Old 03-24-2007, 01:57 PM   #3
Basslord1124
Member
 
Registered: Jun 2004
Location: KY
Distribution: Debian, Mint, Puppy
Posts: 507

Original Poster
Rep: Reputation: 51
I figured that'd be the answer I'd receive.

Of course, I was probably gonna mess with iptables anyways just b/c I have never set it up. I have done ACLs on Cisco equipment and from what I have seen of iptables they are kinda similar. I was curious though about it just b/c I'd be running 2 firewalls. Thanks again, and I'll check that program out.
 
Old 03-25-2007, 10:52 AM   #4
sandgroper
Member
 
Registered: Jul 2004
Location: Perth , Western Australia
Distribution: Fedora Core 5 , Mint 9
Posts: 118

Rep: Reputation: 15
Quote:
Originally Posted by Basslord1124
I have kinda been wanting to dive into setting up iptables but sometimes I wonder if it is truly needed. Reason I say this, is b/c currently my home network is behind a router which of course has its own firewall. I have always been told that if you're behind a router with a firewall most often there is not much need for a 2nd software firewall. NOW, my Slack server does indeed run a few protocols (Samba, SSH, Apache, and so forth) but most of which are used on the LAN. I have only opened a few non-standard ports on the router to handle any of the protocols I wish to be public. And as I said they are on non-standard ports anyways. I have also been monitoring most all of my traffic that goes through my server and I hardly ever see anything that strikes me as suspicious. So is there much of a need for me to set up iptables or not?
To test if your router is doing its job and to see if you have any open ports, do a quick check on the ShieldsUp web page. It does port scans for up to 1024 ports and you can test any individual port as well as a few other security tests.


ShieldsUp! Website
 
Old 03-25-2007, 11:14 AM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,610
Blog Entries: 4

Rep: Reputation: 3905
I use the shorewall tool to conveniently manage the iptables (firewall) settings of my machines. Each machine runs its own software-firewall and the whole shebang lives behind another firewall in the router.

We have a sensitive database-server that lives behind a second, VPN-enabled router (within the network) and all of the systems who want to talk to that server have to go through VPN to get there. This is our "inner sanctum."

Computer-system security is like any other kind of security: "it's not the locks, it's what you do with them." And to do the right thing with them, you need to acquire a basic understanding of what sort of threats you might reasonably face.

Ironically, one of the most-basic things that one should do with locks .. namely, "lock them!" .. is precisely the one thing that millions upon millions of Windows users do not do. Go figure...
 
Old 03-27-2007, 12:11 AM   #6
Redshift
LQ Newbie
 
Registered: Feb 2007
Distribution: Ubuntu
Posts: 27

Rep: Reputation: 15
Quote:
Originally Posted by sandgroper
To test if your router is doing its job and to see if you have any open ports, do a quick check on the ShieldsUp web page. It does port scans for up to 1024 ports and you can test any individual port as well as a few other security tests.


ShieldsUp! Website
What a cool link! How can I determine which ports to scan? (I'm a newbie.)
 
Old 03-27-2007, 01:44 AM   #7
Zention
Member
 
Registered: Mar 2007
Posts: 119

Rep: Reputation: 16
Brilliant you ask if you are safe in the security forum

I will play devil's advocate a bit then.

Adding iptables/netfilter to your host will mean there is extra code now running that may offer a vulnerability in your host.

Your router most probably has a NAT running and whilst yes there are ways to compromise you through the NAT, they generally involve you running malformed software.

NAT offers fairly good defense coupled with common sense in your software selection.

The majority of Windows hosts that get compromised are generally those who connect directly to the net and, to be honest, Linux boxes connected directly to the net can also suffer quite easily, especially if the server option has been turned on when installing the distro.

Is the iptables/netfilter suite examined for security vulnerabilities? You bet it is - so running iptables is not a bad option to add an extra layer of security.

But, do be aware firewalls have been the target for exploitation in the past, it is hard to write secure code, even harder in a commercial environment when people have to meet deadlines and add features for the marketing people who want to go to press at a certain time.

Snort has been subject to a recent vulnerability IIRC, so once you embark on the security path you need to have a few places to go to make sure your security toolkit is working as it should.
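
Editor's added example, not part of any post in this thread: a host ruleset for the setup the original poster describes (Samba for the LAN only, a few services reached through router forwards on non-standard ports), written as a generator for `iptables-restore`. The function name `gen_rules`, the LAN range and the port numbers are assumptions chosen for illustration.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a host that sits behind a NAT router.
#   $1 = LAN CIDR (assumed value, e.g. 192.168.1.0/24)
#   $2 = comma-separated TCP ports the router forwards to this host (assumed)
gen_rules() {
    lan=$1
    public=$2

    # Accept only a plain CIDR and a list of port numbers, so a typo cannot
    # produce a ruleset that opens more than intended.
    case $lan in
        ''|*[!0-9./]*) echo "bad LAN CIDR: $lan" >&2; return 1 ;;
    esac
    case $public in
        *[!0-9,]*) echo "bad port list: $public" >&2; return 1 ;;
    esac

    # Default-drop inbound; loopback, replies to our own traffic and ping
    # are allowed; Samba ports are reachable from the LAN range only.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -s $lan -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -s $lan -p tcp -m multiport --dports 139,445 -j ACCEPT
EOF

    # One rule per forwarded port; an empty list means nothing is public.
    old_ifs=$IFS; IFS=,
    for p in $public; do
        if [ -n "$p" ]; then
            echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
        fi
    done
    IFS=$old_ifs

    # Rate-limited log of whatever falls through to the DROP policy.
    echo '-A INPUT -m limit --limit 6/min -j LOG --log-prefix "INPUT-drop: "'
    echo "COMMIT"
}
```

Running `gen_rules 192.168.1.0/24 2222,8080 | iptables-restore --test` as root parses the ruleset without committing it. With this in place, a service that starts listening by accident stays unreachable even if a router forward is later added for its port.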
 
  

