LinuxQuestions.org


subodh 04-25-2007 01:06 PM

Internet security
 
I have successfully managed to connect to the internet through GPRS. Now, before using it fully, I would like to know where the firewall is located and how to manage it to allow certain services to access the internet and deny access for certain services.
Also, please tell me other security tips. I am using Fedora 1 since the GPRS modem can't be detected on Fedora 3.

b0uncer 04-25-2007 01:43 PM

If you'd like to use the native firewall of Linux, you're asking for iptables. It's built into the Linux kernel and you most probably have its user interface -- called iptables -- installed already. You can see the "rough" documentation with
Code:

man iptables
or perhaps in a nicer form on the iptables.org website. If you're not comfortable with console usage, or writing shell scripts to manage the firewalling system, you could also control iptables through a graphical front-end like FireStarter, available on the web and probably through the Fedora repositories too (get it using the Add packages/programs tool Fedora provides). It should be fairly easy to use, especially if you're new to command-line tools.

A basic iptables ruleset is to deny (actually: drop) all packets that are not specially allowed; often people drop all inbound (and forward) traffic and allow outbound, then specifically allow inbound traffic that is either existing or related to some existing connection, and possibly in addition allow some special protocols, ports or other stuff. It's all in iptables' manpage or at their website, and if you use FireStarter or some other front-end, it's even easier (I have the impression that they're more or less point-and-click front-ends).

Basically you add iptables rules by running the iptables command with some options, like iptables -P INPUT DROP to set the input policy to drop (=drop all incoming packets) or iptables -A INPUT -p tcp --dport 22 -j ACCEPT to append a new rule to the INPUT chain which allows traffic to port 22 (ssh). The commands are remembered until you clear them or reboot; this is why you save the configuration to a file that is read during the boot sequence. If you use FireStarter or other front-ends, they usually do this stuff automatically when you "save" the configuration, so if you're new to this stuff you might want to start off with that.

My security tip is to restrict, block, deny and drop everything you don't explicitly want to allow, and be paranoid about that. There is no sense in configuring firewall block rules for every possible thing; it's easier to create one policy that denies traffic and then add allowing rules for the things you want. Another very important security "tip" is that you should not use the root account unless it's the only way to achieve something; using the root account is a security risk if you ask me. Using root permissions always is. Therefore I suggest that you get to know a thing called sudo, which allows specified users to run commands/programs with root privileges (without the root password; they will be using their own passwords instead). It's safer than logging in and out as root, or even worse, using su to do everything, forgetting it "open" or even using it over ssh or something, giving the root password to any hacker available. sudo can be configured so that only defined users can use it at all, and so that those users can run only specified commands (or everything if you like, but it's still a risk, especially if there is more than one such user -- if they can run anything, they can get the root account and more).
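
The basic ruleset described in the reply above (drop inbound and forwarded traffic, allow outbound, accept replies to existing connections, then open chosen ports), written out as an added example that is not part of the original thread. The function names and the ALLOWED_TCP_PORTS variable are assumptions made for this sketch; by default it only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread): default-drop inbound ruleset.
# ALLOWED_TCP_PORTS is a constructed sample value; list only services you
# actually run, or set it to "" on a desktop that offers none.
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS-22}"

# Accept only decimal port numbers in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# Print the iptables commands for the given ports, one per line, without
# running anything. All ports are validated before any rule is emitted.
build_ruleset() {
    for port in "$@"; do
        valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    done
    echo "iptables -F INPUT"
    # Loopback traffic and replies to connections this host opened.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Policies go last so the accept rules exist before DROP takes effect.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
}

# Run the generated commands (needs root); stop at the first failure.
apply_ruleset() {
    rules=$(build_ruleset "$@") || return 1
    echo "$rules" | while IFS= read -r rule; do
        $rule || exit 1
    done
}

# Dry run by default; pass --apply to change the running firewall.
case "${1:-}" in
    --apply) apply_ruleset $ALLOWED_TCP_PORTS ;;
    *)       build_ruleset $ALLOWED_TCP_PORTS ;;
esac
```

Rules applied this way last only until reboot; on Fedora, `service iptables save` writes the running rules to /etc/sysconfig/iptables so they are restored at boot.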


All times are GMT -5.