Firewalls to Protect From Remote Login/Viruses/etc

Joto John · 08-24-2004, 11:30 PM

Hello,

I've been looking into purchasing a firewall to protect my PC from Remote Login, Viruses, Spam, and so on. However, I was wondering if there was any way to find out who was on the other end of the situation. Please help.

Thank You

Thoreau · 08-25-2004, 03:41 AM

If you mean you are running windows, and want a linux box to protect you- a very nice product is at www.clarkconnect.com. I bought 2 of them myself for my windows users at work.

barisdemiray · 08-25-2004, 08:49 AM

I think you mean finding the attacker/intruder right? If so, then search for the terms honeypot and intrusion detection.

JoAnywhere · 08-25-2004, 05:57 PM

John,
I think you need to look more closely at what you are looking for

A firewall will do little to prevent spam (spam comes in as part of email, which needs to be considered legitimate traffic for obvious reasons). There are strong reasons for NOT implementing server side spam solutions, and for implementing client side spam filters (one mans spam is another mans valuable data being one reason, the other being that spam filtering is moderately cpu intensive, and is better done in a distributed environment).

also, centralized virus protection is an interesting topic, and possibly not one that is best handled on the firewall. I personally prefer the approach of using client side virus protection with daily signature file updates (But that is a personal preference).

Remember, every additional piece of software you install on the firewall becomes a potential security risk. If you want to perform centralized spam filtering, and virus protection you may be better off installing a separate machine to perform these tasks.

Cheers
Jo

chrism01 · 08-26-2004, 07:22 AM

As JoAnywhere implied, firewall/remote login, viruses and spam are separate issues and need to be dealt with as such.
You can use a firewall to protect against unauthorised access. You can either get a commercial piece of SW eg Smoothwall, or use iptables which is built-in to your Linux anyway and therefore free.
Most distros have admin menus that allow you to shut-off services you don't need. This is a good idea; if it's not running, it can't be exploited :-)
Make sure you have Tripwire installed (www.tripwire.org), although it usually comes with Linux.
You can test against your own box using nmap ( usually comes with Linux. or www.insecure.org)
For spam see spamassassin ( on your CD or at http://spamassassin.apache.org/ )
Linux is pretty much immune to Windows viruses/worms, but see http://cvs.sourceforge.net/viewcvs.p...e.txt?rev=HEAD for a list of products.
HTH

JoAnywhere · 08-26-2004, 10:05 AM

Quote:

Originally posted by chrism01
As JoAnywhere implied, firewall/remote login, viruses and spam are separate issues and need to be dealt with as such.
You can use a firewall to protect against unauthorised access. You can either get a commercial piece of SW eg Smoothwall, or use iptables which is built-in to your Linux anyway and therefore free.

Chris,
or you can get smoothwall express which is the free GPL version from http://www.smoothwall.org

Cheers
Jo