Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I scanned my ports with nmap and the output was something like this:
(The 1590 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
37/tcp open time
79/tcp open finger
113/tcp open auth
135/tcp filtered loc-srv
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
587/tcp open submission
6000/tcp open X11
I'm not running a server, so I need advice on which ports I should close for home use (all?) and HOW...
If you don't need to access your system remotely, all those ports can be closed. The easiest way is to install a firewall. Your distro probably comes with a nice GUI front-end to set up a firewall.
You might also want to disable most of the services; the exact mechanism depends on which distro you're running.
Installing a firewall to close ports is a wrong philosophy of security. You should rather check if you can't uninstall the required piece of software (if you do not require it) or modify which IP addresses it listens on.
ftp, ssh, smtp can for sure be limited on which interfaces they listen on.
Originally posted by markus1982:
Installing a firewall to close ports is a wrong philosophy of security.
I would say a different philosophy rather than a wrong one. There's nothing wrong with using firewalls. They are an effective method to protect your computer against certain threats. For a less experienced user they are probably also the best security solution.
One of the biggest problems implementing security is the complexity of doing so. The more complex the solution, relative to the experience of the implementor, the more likely it will be done incorrectly. Implementing a firewall in Linux using a distro GUI is a simple thing and unlikely to be done incorrectly. Therefore in many cases it might result in better security than someone who tries to sort out twenty open ports one-by-one and makes mistakes doing so.
Having said all that, I agree that for an experienced user who knows what he/she is doing, disabling unwanted services and, where appropriate, deinstalling them entirely, is a stronger solution. Myself I would use both methods, mainly because I'm too lazy to run a portscan every single time I make a change on the server just to see if the change has opened up a port unexpectedly.
Quote:
I would say a different philosophy rather than a wrong one.
You're right about that; however, these days more effort should be made to protect the application level; firewalls help but are just a pretty small amount of protection.
Quote:
One of the biggest problems implementing security is the complexity of doing so. The more complex the solution, relative to the experience of the implementor, the more likely it will be done incorrectly. Implementing a firewall in Linux using a distro GUI is a simple thing and unlikely to be done incorrectly. Therefore in many cases it might result in better security than someone who tries to sort out twenty open ports one-by-one and makes mistakes doing so.
This is true. However, when following the right approach when hardening the system this should not happen :-)
Quote:
Having said all that, I agree that for an experienced user who knows what he/she is doing, disabling unwanted services and, where appropriate, deinstalling them entirely, is a stronger solution. Myself I would use both methods, mainly because I'm too lazy to run a portscan every single time I make a change on the server just to see if the change has opened up a port unexpectedly.
You do not need to portscan yourself: netstat -A inet -l will print out all required information. Everything that is not bound to the loopback device (127.0.0.0/8) can be reached externally.
Originally posted by markus1982:
netstat -A inet -l will print out all required information. Everything that is not bound to the loopback device (127.0.0.0/8) can be reached externally.
True, as long as you are checking what can be directly accessed from the local subnet. If you want to check how your computer looks from the other side of a router or a separate firewall then I think a portscan is a better option.
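Added example, not part of the original thread: the loopback check discussed above, done mechanically by sorting listening IPv4 sockets into loopback-only and non-loopback bindings. The function names are hypothetical, the sample output is constructed, and it assumes netstat is run with an added -n so that addresses and ports are numeric.

```shell
#!/bin/sh
# Classify listening IPv4 sockets from `netstat -A inet -ln` style output.
# Field 4 is the local "address:port" column; anything not bound inside
# 127.0.0.0/8 is reported as EXPOSED (listening on a non-loopback address).
classify_listeners() {
    awk '
        $1 ~ /^(tcp|udp)$/ {
            # TCP rows must be in LISTEN state; UDP rows have no state column
            if ($1 == "tcp" && $6 != "LISTEN") next
            n = split($4, a, ":")
            addr = a[1]; port = a[n]
            if (addr ~ /^127\./)
                printf "LOCAL   %s %s:%s\n", $1, addr, port
            else
                printf "EXPOSED %s %s:%s\n", $1, addr, port
        }'
}

# Print only the exposed port numbers, sorted, comma-separated.
exposed_ports() {
    classify_listeners |
        awk '$1 == "EXPOSED" { sub(/.*:/, "", $3); print $3 }' |
        sort -n | paste -sd, -
}

# Constructed sample input (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:6000       0.0.0.0:*               LISTEN
udp        0      0 127.0.0.1:323           0.0.0.0:*
EOF
}

# Demo on the sample; on a live host: netstat -A inet -ln | classify_listeners
sample_netstat | classify_listeners
```

EXPOSED here only means the socket is bound to a non-loopback address on the host itself; as the last reply notes, how the machine looks from behind a router or separate firewall still needs a scan from the other side.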