LinuxQuestions.org

Linux - Security: internal security (https://www.linuxquestions.org/questions/linux-security-4/internal-security-347402/)

metallica1973 07-27-2005 04:09 PM

internal security
 
If I have set up my firewall with the best iptables rules in the world, I know that will only protect your network but so much. I believe that http and smtp are where most of today's headaches occur (instant messaging, spyware, e-mail, etc.). Once you go on the internet it is just a matter of time before something slips through, as well as e-mail. Here is my setup:

dsl
|
|
linux /firewall/proxy/squidguard
|
|
2 - windows 2k wireless cpu's

If my system is secure externally on my firewall end, then what would be the best way to protect my internal network from, let's say, Yahoo Instant Messenger or Internet Explorer coming in and infecting my linux server and/or sacrificing security internally?

lynrees 07-27-2005 04:25 PM

With the firewall, you should be secure against direct attacks to your computer, however, as you say you are still vulnerable to viruses via email, web browsing etc.

The best advice I can give is:

- keep your boxes patched
- run anti-virus software
- use firefox instead of ie
- use some form of anti-spyware, passive or active

As for mail, you could run an internal mail server, otherwise configure your AV software to scan incoming mail.

sundialsvcs 07-27-2005 04:25 PM

Remember that a computer is not a living organism: the phrases "virus" and "infect" are really misnomers. They imply that rogue-programs are somehow magic. They are not.

The first and most basic thing that you must always do is to keep your operating system up-to-date. Various root-exploits exist for Linux just as they do for Windows, and while they are fixed as fast as they are found, you must still apply the fixes. Distributors are pretty good about getting these out quickly.

The next thing you must do, as previously discussed, is to make sure that your ordinary everyday account is not "root" and does not have special file-access rights. Your personal account should have access to nothing more than "your things."

Always remember backups: current, maintained. USB 2.0 disk drives that hold many gigabytes and fit in your pocket, or in a safe-deposit box(!), are dirt cheap now. Buy several. Use them. You can also use tools like Amanda, using her only to make on-disk backups with no regard for tape. (In my experience, if you rely simply upon your own memory and schedule to make current, reliable backups, "the backups won't be." The initial backing-up step needs to be "set it up and fuhgeddaboudit.")

Make sure that your computer is only running the servers (daemons, services) that you actually require, and that you know why each one is there. Make sure that all default accounts are firmly shut-down and cannot be logged into.

For system maintenance activities other than rootly things, set up a normally-disabled separate user-ID for that purpose. This user, while not root, has the ability to enter a group (such as wheel) that gives it access to more things. But even then, it doesn't have access to the system... /usr/local yes, but not "the" system.

Your primary goal is to make your system even "slightly more" protected than the average Joe's. Your primary assailant will be a totally-automated script-kiddie troll, which will find your computer entirely by-accident.

As mentioned, the reason why Windows gets assaulted so much is, imho primarily the simple fact that the default installation ships with only one user, who is an [all-powerful] Administrator. Thus, when a rogue program slips in and tells the system, "Kill yourself," the computer obediently points its wand at its own forehead and shouts "Aveda Kadavra!" The computer has been told to obey any orders that are given "in Administrator's (aka Root's) name." Rogue programs, in that situation, have the authority to tell the computer to do anything and be obeyed. And that is the root ;) cause of the problem.
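
Two of the checks in the post above (no extra all-powerful accounts, default accounts firmly shut down) can be scripted. The following is an added example, not code from the thread: it audits passwd/shadow-style data for accounts other than root with UID 0, system accounts that still have both an interactive shell and an unlocked password, and accounts with an empty password hash; it also lists locked accounts that keep a shell, which is what the normally-disabled maintenance user described above looks like. The passwd and shadow lines are constructed sample data, and the UID 1000 cutoff for system accounts is an assumption that matches most distributions.

```python
"""Audit passwd/shadow data for extra UID-0 accounts and default accounts
that can still log in.

Added example, not from the thread. The two text blocks below are
constructed sample data; on a real box you would read /etc/passwd and
/etc/shadow (the latter as root).
"""

# Shells that refuse an interactive login.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
SYSTEM_UID_MAX = 1000  # assumption: UIDs below this are system accounts

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
games:x:12:100:games:/usr/games:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
squid:x:23:23::/var/spool/squid:/sbin/nologin
admin:x:1001:1001:maintenance:/home/admin:/bin/bash
james:x:1002:1002::/home/james:/bin/bash
guest:x:1003:1003:guest:/home/guest:/bin/bash
"""

SAMPLE_SHADOW = """\
root:$6$constructedhash:12990:0:99999:7:::
bin:*:12990:0:99999:7:::
daemon:*:12990:0:99999:7:::
games:!!:12990:0:99999:7:::
toor:$6$anotherhash:12990:0:99999:7:::
squid:!!:12990:0:99999:7:::
admin:!$6$lockedhash:12990:0:99999:7:::
james:$6$userhash:12990:0:99999:7:::
guest::12990:0:99999:7:::
"""


def parse_colon_file(text):
    """Map the first field (account name) to the remaining colon-separated fields."""
    rows = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        rows[fields[0]] = fields[1:]
    return rows


def password_is_locked(hash_field):
    """A hash starting with '!' or '*' can never match, so the password is locked."""
    return hash_field.startswith(("!", "*"))


def audit(passwd_text, shadow_text):
    """Return a dict of sorted account lists, one list per finding type."""
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    findings = {
        "extra_uid0": [],        # any account besides root with UID 0
        "system_can_login": [],  # system account, interactive shell, unlocked password
        "passwordless": [],      # empty hash field: login with no password at all
        "locked_with_shell": [], # disabled accounts that keep a shell (e.g. a maintenance user)
    }
    for name, f in passwd.items():
        uid, shell = int(f[1]), f[5]
        hash_field = shadow.get(name, [""])[0]
        interactive = shell not in NOLOGIN_SHELLS
        locked = password_is_locked(hash_field)
        if uid == 0 and name != "root":
            findings["extra_uid0"].append(name)
        if hash_field == "":
            findings["passwordless"].append(name)
        if interactive and locked:
            findings["locked_with_shell"].append(name)
        if uid < SYSTEM_UID_MAX and name != "root" and interactive and not locked:
            findings["system_can_login"].append(name)
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for kind, names in audit(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(f"{kind}: {', '.join(names) or '(none)'}")
```

On the sample data the script flags `toor` twice (a second UID-0 account that can log in), `guest` as passwordless, and shows `admin` and `games` as locked-but-shelled, which is the intended state for the maintenance user and a candidate for `usermod -s /sbin/nologin` for a default account.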

metallica1973 07-27-2005 07:06 PM

Is there anything that can be done that can help with controlling AOL Instant Messenger and Yahoo Instant Messenger on the linux firewall/proxy/squidguard end? I have had pop-up viruses and stuff being sent through those messaging services! Also, I am using squid and squidguard together; under what log file can I view what websites they have been to and vice versa?
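
The log question in the post above has a concrete answer: Squid records every proxied request in its access log, /var/log/squid/access.log by default (some distributions use /var/log/squid3/), and squidGuard writes the requests it blocks to its own log under the logdir set in squidGuard.conf. The following is an added example, not code from the thread, that parses a few constructed lines in Squid's native access.log format and answers both directions of the question: which sites each client visited, and which clients visited each site. The client addresses, hostnames and timestamps in the sample are constructed.

```python
"""Summarise a Squid native-format access.log by client and by site.

Added example, not from the thread. SAMPLE_LOG is constructed data in
Squid's native log format:
  timestamp elapsed client action/status bytes method url ident hierarchy type
"""
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

SAMPLE_LOG = """\
1122483000.123    245 192.168.1.10 TCP_MISS/200 1543 GET http://www.linuxquestions.org/ - DIRECT/64.179.4.140 text/html
1122483005.456     12 192.168.1.10 TCP_HIT/200 8821 GET http://www.linuxquestions.org/images/lq.gif - NONE/- image/gif
1122483010.789    310 192.168.1.11 TCP_MISS/200 2210 GET http://messenger.yahoo.com/ - DIRECT/66.163.171.1 text/html
1122483020.001     88 192.168.1.11 TCP_DENIED/403 1190 GET http://ads.example.com/popup.js - NONE/- text/html
1122483030.222    140 192.168.1.10 TCP_MISS/200 512 CONNECT www.example.com:443 - DIRECT/93.184.216.34 -
"""


def parse_line(line):
    """Parse one native-format line into a dict; return None for malformed lines."""
    fields = line.split()
    if len(fields) < 7:
        return None
    url = fields[6]
    # CONNECT (HTTPS tunnel) requests log "host:port" instead of a full URL.
    host = urlsplit(url).hostname if "://" in url else url.rsplit(":", 1)[0]
    return {
        "time": datetime.fromtimestamp(float(fields[0]), tz=timezone.utc),
        "client": fields[2],
        "action": fields[3],   # e.g. TCP_MISS/200, TCP_DENIED/403
        "method": fields[5],
        "host": host,
        "url": url,
    }


def summarise(log_text):
    """Return (sites_by_client, clients_by_site, denied) for the given log text.

    denied lists (client, url) pairs that Squid refused, which is where
    squidGuard/ACL blocks show up in access.log.
    """
    sites_by_client = defaultdict(set)
    clients_by_site = defaultdict(set)
    denied = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        sites_by_client[rec["client"]].add(rec["host"])
        clients_by_site[rec["host"]].add(rec["client"])
        if rec["action"].startswith("TCP_DENIED"):
            denied.append((rec["client"], rec["url"]))
    return dict(sites_by_client), dict(clients_by_site), denied


if __name__ == "__main__":
    by_client, by_site, denied = summarise(SAMPLE_LOG)
    print("sites per client:")
    for client, hosts in sorted(by_client.items()):
        print(f"  {client}: {', '.join(sorted(hosts))}")
    print("clients per site:")
    for host, clients in sorted(by_site.items()):
        print(f"  {host}: {', '.join(sorted(clients))}")
    print("denied requests:")
    for client, url in denied:
        print(f"  {client} -> {url}")
```

To run it against a live proxy, replace SAMPLE_LOG with the contents of /var/log/squid/access.log; if the log has been switched to a different format with `logformat`/`access_log` in squid.conf, the field positions in `parse_line` need to follow that format.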

tkedwards 07-31-2005 06:14 PM

Quote:

Is there anything that can be done that can help with controlling AOL Instant Messenger and Yahoo Instant Messenger on the linux firewall/proxy/squidguard end?

Block the yahoo instant messenger port ;)
Really if Yahoo IM is letting through viruses and popups that's something you should deal with on the Windows end. Squid isn't magic - it can't see what's a popup and what's part of the page. You might want to google for 'squid and clamav' to see if you can integrate virus scanning into it, but I'm not sure how well this works, if at all.

metallica1973 08-08-2005 09:58 AM

What is your opinion on CLAMAV and VIRALATOR? With this utility I can run an anti-virus on my proxy service!

Brian Knoblauch 08-08-2005 01:44 PM

Biggest potential hole in your setup is the wireless.

metallica1973 08-08-2005 02:46 PM

What about RADIUS?

sundialsvcs 08-08-2005 08:18 PM

Radius-type technologies make a large and complex setup easier to administer, and they do so with reasonable security (which is actually saying a lot!), but they do not add to the security in the sense that "you should use them even when their use is not otherwise indicated." If you are feeling the pain that Radius is designed to address, then Radius will make you feel a lot better, but if you are not, it is overkill.

The most common rogue that you must defend against on the Internet is simply a cat-burglar; simply an opportunist. He's the one who'll probe for available wireless networks just to see if he can find one (haven't you? ;) ...), and he'll abuse one if he can find one, but if the network is protected even by the simplest application of WEP he'll pass it by. (There are plenty of unsuspecting, clueless fish in that pond... why bother with one who has a clue?)

The configuration I suggest is a simple, basic application of VPN... and toss WEP in on top of that ("why not?")... and you can be sure that no one will spend too long assailing the walls of that castle for very long, let alone get inside. It's the same reasoning that makes me say, "if you need to use SSH, for pete's sake use certificates!" The very slightest effort on your part will instantly transform your house into "the one who has its doors locked," and thus, the one least likely to be burgled.

(As they say, and it is true, "the most important component of your home security system is the sign in your front yard.")

metallica1973 08-11-2005 05:56 PM

I was thinking of using FREERADIUS.

int0x80 08-12-2005 07:39 AM

Look into ClamWin [clamwin.com] for a free Windows anti-virus application.

metallica1973 08-16-2005 02:11 PM

I personally use f-prot! ClamAV is a little too much to configure and the documentation sucks! The only problem with f-prot linux edition is that it doesn't have a daemon running to detect viruses instantly. I have to schedule runs. On the wireless side is where my problem lies, along with instant messenger, etc. I am going to run RADIUS and authenticate using WPA2 when there is support from the linux community.

metallica1973 08-16-2005 03:18 PM

I will try these suggestions thanks.
