Someone said to me "Linux can be the most secure system of them all, but also the least secure. Everything depends on the user".
This is somewhat true and I use a firewall just to close all my ports except for SSH-port 22 out to my school.
You can play with ports and such with "iptables" (read man) and you should also check out /etc/hosts.allow and /etc/hosts.deny, they can be really handy. :)
As of right now, I have a D-Link router hardware firewall. (Exact model is DI-604 if you are interested.) On security tests (Shields up and Symantec), the router has been pretty effective at stopping things from getting through to me. However, on the flipside, it's really not good at all at checking what's coming out of the network. For instance, if someone were to hijack my computer with a trojan or attempt to steal personal information via setting up some sort of program on my computer that would relay information back to the maker of the program, all the info would most likely get past my hardware firewall. I think that I may need to set up a firewall to keep a tab on what's flowing out of my computer as well as what is flowing in. Am I just being paranoid or does any of this sound reasonable?
hardware firewalls work because they are routers that serve many machines with only one ip address. if a new unrelated and unestablished packet arrives, the firewall doesn't know which machine to re-direct it to.
provided you do not have port forwarding, it's unlikely anyone can get into your machine.
so.... the only way i can see someone getting into your system...
1) trick you into viewing a website they own so they can get info on what browser you are running.
2) assuming a buffer overflow exploit exists... find one, apply it to their site, then trick you into viewing it again.
3) the overflow exploit virus would then need to be created without even knowing anything about what programs or services you are running, and made to gain root access.
4) it would then need to find a way to steal your firewall password (keylogging ?) so it can setup port forwarding and open a back door.
i think this is as secure as you are going to get.
besides. if the virus got to #3, it would turn off your iptables firewall easy.
1 A port is open/forwarded (most likely because you need it for a useful service)
2 The service/program bound to that port is exploitable
Point is -- make sure your software is up to date!
I agree with the above statements about a hardware firewall. A hardware firewall should be your first line of defense. Your second line of defense should be a good software firewall (like iptables or sygate for windows).
I'm using Slackware 10.0 and it doesn't seem to include a firewall like Mandrake. I also blew all my disposable cash (plus lots of non-disposable) on the new computer (one thing led to another and before I knew it...) and so I won't be buying a hardware firewall any time soon.
So, what are good free firewalls for linux? I checked out Smoothwall, but it appears that it will only turn my only machine into a dedicated hardware firewall. I'm about to try Firestarter. Are there others I should consider? Some more secure, more features?
Originally posted by TenEighty:
I'm using Slackware 10.0 and it doesn't seem to include a firewall like Mandrake. I also blew all my disposable cash (plus lots of non-disposable) on the new computer (one thing led to another and before I knew it...) and so I won't be buying a hardware firewall any time soon.
Your distribution does include a mechanism used to build firewalls. It's called iptables. Mandrake (and other 'easier' distros) have tools that make such building easier. In your case the easiest solution will be to search the forum for 'iptables scripts'. There are many examples here, for different situations. You can choose one that fits your requirements best (and probably needs some modifications) and use it in your system (which usually means just adding the script to your startup ones).
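Added example, not written by any poster in this thread: a sketch of the kind of iptables script mentioned above, emitting a default-deny ruleset in iptables-restore format that also logs blocked outbound connections, which is the gap raised earlier about the router not checking outgoing traffic. The function names, allowed ports, rate limit and log prefix are assumptions, and the conntrack match assumes a current iptables.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a single workstation.
# Function names, ports and the log prefix are illustrative assumptions.

# valid_port PORT -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-digit input is rejected
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_ruleset "PORT PORT ..." -> prints the ruleset; fails on a bad port
# so that unvalidated text never ends up inside a rule line.
gen_ruleset() {
    for p in $1; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
EOF
    # One rule per outbound TCP port the user actually needs.
    for p in $1; do
        echo "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else going out is logged (rate-limited) and dropped.
    cat <<'EOF'
-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "EGRESS-DROP: "
-A OUTPUT -j DROP
COMMIT
EOF
}
```

Piping the output through `iptables-restore --test` parses the ruleset without loading it; entries tagged `EGRESS-DROP:` in the kernel log then show outbound connection attempts that were not on the allowed list.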
Okay, so I seem to understand now... Firestarter and Guarddog, both of which I have now tried, are GUI interfaces for iptables which is included with Slack in the first place. Okay.
I had a problem with firestarter hanging when I used ShieldsUP at GRC.com to scan my computer, though it scored nearly perfect. I installed Guarddog and it seems to work a little better, and there's a lot more flexibility with individual protocol permissions.
I was wondering if program control was an issue in Linux, such as Zone Alarm in, um, windows... where individual programs are granted access to the internet, and the user is notified if a new or altered program tries to connect.
this is called a personal firewall, and as far as I'm aware, is not available in linux.
Iptables deals only in network traffic... all it knows about traffic is what's in the IP packet... Ports, type of service, source and destination IPs, but not what program generated the traffic.
Wow! No one mentioned the linux hardware firewall... www.smoothwall.org. It has an extremely dedicated following. You do need an old computer, though. Check it out.
guarddog and firestarter do the same thing on linux as zone alarm for windows. Both keep out unwanted traffic. Also, make sure that only the services you need are enabled; you only need httpd if you're running a server. Do a search here for more info.