LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 10-11-2006, 07:57 AM   #1
richardh1970
LQ Newbie
 
Registered: Nov 2005
Location: Buckinghamshire, UK
Distribution: Slackware
Posts: 26

Rep: Reputation: 0
Different Security models - confused.


I'm starting to look at securing my Slackware box. I've got a basic understanding of hosts.allow/hosts.deny and I'm reading iptables tutorials (so far they make sense).

What I don't understand is the relationship between these two security systems. Should I be restricting traffic with hosts.(allow|deny), or should I be using iptables, or both? What are the implications of using both? Is it possible to set up contradictions where traffic is allowed under the hosts files and denied under iptables, etc.?

Can someone explain this or point me to a web page which compares the two systems?

Many thanks,

R.
 
Old 10-11-2006, 08:41 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
hosts.allow and hosts.deny are part of tcpwrappers, which is a framework that any application can be hooked into to abstract IP security to it. This way a service listening on a port can do its own security via an external library without having to reimplement it from scratch.

iptables sits within the kernel, not the user land, and will block traffic reaching that service port in the first place. If you block port 22 access in iptables then the netfilter hooks in the kernel will never let that traffic connect to the ssh daemon on port 22. If you do not block it, and instead restrict with tcpwrappers, then ssh receives the actual data and then refers to hosts.allow etc... and then drops it there.

iptables is your firewall, tcpwrappers is your permissions... something like that. Additionally, many applications are not built with tcpwrappers support so cannot benefit from its functionality, whereas iptables and netfilter sit in front of the services so will always see that traffic regardless of what is or isn't sitting behind it.
 
Old 10-11-2006, 08:50 AM   #3
r0b0
Member
 
Registered: Aug 2004
Location: Europe
Posts: 608

Rep: Reputation: 50
I would just look at them as different layers of security. If your requirements are fixed and simple (e.g. only allow connections to FTP from the local network), then set up iptables and hosts.* the same way so you have two layers of protection. If one of them fails for some reason, you still have the other one to protect you.
 
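The two-layer setup described in the replies above (kernel-side netfilter rule plus a matching tcpwrappers entry for the same service), written out as an added example that is not from this thread. It assumes a constructed LAN of 192.168.1.0/24, an sshd linked against libwrap, and writes the hosts files under a temp dir and only prints the iptables commands unless IPT=iptables is set, so it can be run without privileges.

```shell
#!/bin/sh
# Added example: one policy ("only the LAN may reach sshd") expressed twice.
# Outside traffic is dropped by netfilter before sshd sees it; if that layer is
# ever missing, sshd still consults hosts.allow/hosts.deny and refuses it.
# Assumptions (constructed): LAN is 192.168.1.0/24; output goes to $OUT, not /etc.
LAN_NET="192.168.1.0/24"
LAN_PREFIX="192.168.1."        # tcpwrappers matches a trailing-dot prefix
OUT="${OUT:-$(mktemp -d)}"
IPT="${IPT:-echo iptables}"    # dry run by default; IPT=iptables applies as root

write_wrapper_files() {
    # Search order is hosts.allow, then hosts.deny, then access is GRANTED.
    # Without the catch-all in hosts.deny the allow entry restricts nothing.
    printf 'sshd: %s\n' "$LAN_PREFIX" > "$OUT/hosts.allow"
    printf 'ALL: ALL\n' > "$OUT/hosts.deny"
}

# Kernel-side equivalent: loopback, established flows and SSH from the LAN
# are accepted; the default policy is set last so an active session survives.
apply_firewall_rules() {
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --dport 22 -s "$LAN_NET" -j ACCEPT
    $IPT -P INPUT DROP
}

# Check for the tcpwrappers default-allow pitfall: succeeds only when
# hosts.deny ends the search with an ALL: ALL entry.
wrapper_has_catchall() {
    grep -qE '^ALL[[:space:]]*:[[:space:]]*ALL' "$OUT/hosts.deny"
}

write_wrapper_files
apply_firewall_rules
wrapper_has_catchall && echo "hosts.deny catch-all present in $OUT"
```

Services without libwrap support (the caveat raised in post #2) get only the iptables layer, which is why the kernel rule carries the policy and the hosts files are the backstop.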
Old 10-11-2006, 09:17 AM   #4
richardh1970
LQ Newbie
 
Registered: Nov 2005
Location: Buckinghamshire, UK
Distribution: Slackware
Posts: 26

Original Poster
Rep: Reputation: 0
So if I'm understanding properly, iptables is a front-line defence and encompasses all net traffic, whereas hosts.* is ignored by non-TCP traffic.

I had a feeling that hosts.* was the 'obsolete' one of the two, since it was around in my Unix days pre-1990, whereas I'd never heard of iptables, so I assumed it was the new improved security feature.

With that in mind I'll focus my attention on iptables.

Thanks for the help,

R.

Last edited by richardh1970; 10-11-2006 at 09:19 AM.
Tags
firewall, hostsallow, hostsdeny, iptables, security