LinuxQuestions.org
Old 11-07-2003, 06:01 AM   #1
the_rydster
Member
 
Registered: Nov 2003
Location: UK mostly.
Distribution: Slackware 9.1
Posts: 103

Rep: Reputation: 15
Newbie question: Firewalls/security


Hello, I have just started using Linux (Red Hat 9.0). Before I had Windows 98 (and Outpost firewall) on my home PC and always kept a tight ship running with my firewall set at the max.

I set up RH 9.0 to have the highest security level and ran a test at www.grc.com which scanned my ports and tried to ping me etc. When I did this on Win 98 I was totally invisible but this time the test must have got some packets back from ports 1 and 2 cos they were seen as 'closed'. I therefore failed the full stealth category.

Do I have to worry about viruses on Linux? I read that there are only 4 'in the wild' so it is not so important. I have downloaded fp virus checker, is it worth bothering with? Cheers.

 
Old 11-07-2003, 07:11 AM   #2
RickyJaff
Member
 
Registered: Oct 2003
Distribution: RedHaT, ELX, DragonLinux, Knoppix.
Posts: 89

Rep: Reputation: 15
I've been using Linux for a year or so, but never faced any problem like a virus in Linux.

Keep in mind... always make sure your firewall is good...
 
Old 11-07-2003, 07:41 AM   #3
Bebo
Member
 
Registered: Jul 2003
Location: Göteborg
Distribution: Arch Linux (current)
Posts: 553

Rep: Reputation: 31
Hello,

About firewalls... I've been playing around with my firewall for some time. I'm using Mandrake 9.1, and previously I've used shorewall which is included in the distro. After some reading, I set up iptables by myself and shut shorewall off (but activated iptables, of course). Unfortunately I haven't scanned my computer from the outside with nmap as root yet (so I can only do some rather inefficient scans, such as the TCP connect and ping scans) but I'm invisible in the scans that one can do at scan.sygate.com and grc.com, and that is really nice.

The rules I've set up for iptables are a mix of the ones that Brian Hatch writes about in his article(s) Ten minute host firewall (here and here) and the ones that quicktables set up for me. In addition, I've changed the settings in some firewall-related /proc entries, which one can read about here and here.

(Well, I guess I don't have to think very hard, since my box isn't working as a server. I only allow incoming ssh requests from two machines, and I have also changed the port on which the ssh daemon listens from the standard port 22.)
 
Old 11-07-2003, 10:36 AM   #4
cyph3r7
Member
 
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238

Rep: Reputation: 30
I think you may be comparing apples to oranges here.

In your post you note that you had a Win98 machine running Outpost firewall. The reason your scan came back clean is due to the Outpost software, not Win98 itself. The Outpost was probably configured to drop packets whereas the Linux box is rejecting them, in essence saying "hey I am here, but you can't get in". Once you learn iptables a little more or get a nice GUI iptables firewall package you can tweak it to be as strong or IMHO stronger than Outpost.

As for Win vs Linux viruses, they are 2 separate creatures. On Win systems you have the issue of standard open ports such as RPC 139 and then add to that privileged users that run services. These services are generally easy to access as Win makes it easy for an end user to do whatever they need to do on their own box. Linux is different in that each service and the user that runs it are segmented from each other, and in the use of non-privileged accounts. This makes it much harder to simply connect and run arbitrary code.

There are Linux viruses out there, just not as many and none that can propagate as fast as, say, Blaster did.
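
The drop-versus-reject difference described in post #4, as an added example that is not part of the original thread: a TCP connect check that reports how a port on your own machine answers, which is what separates a "closed" result from a "stealth" one in an online scan. The function names and the loopback demo are constructed for illustration.

```python
import errno
import socket

# What the client sees depends on how the firewall disposes of the SYN:
#   iptables ... -j REJECT  -> an error comes back       -> "closed"
#   iptables ... -j DROP    -> nothing comes back at all -> "stealth"
# (No firewall rule and no listener also gives "closed": the kernel sends RST.)
ICMP_ERRNOS = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify_port(host, port, timeout=2.0):
    """Return 'open', 'closed', 'rejected' or 'stealth' for one TCP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"                      # handshake completed
    except ConnectionRefusedError:
        return "closed"                    # RST (or, on Linux, ICMP port-unreachable)
    except socket.timeout:
        return "stealth"                   # SYN silently discarded
    except OSError as exc:
        if exc.errno in ICMP_ERRNOS:
            return "rejected"              # other ICMP unreachable reply
        raise
    finally:
        sock.close()


def loopback_demo():
    """Constructed sample: one listening and one non-listening local port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))            # bound but not listening
    try:
        return {
            "listening": classify_port("127.0.0.1", listener.getsockname()[1]),
            "not_listening": classify_port("127.0.0.1", idle.getsockname()[1]),
        }
    finally:
        listener.close()
        idle.close()


if __name__ == "__main__":
    print(loopback_demo())
```

To check a real firewall, call `classify_port` from a second machine against your own host; a port behind a DROP rule returns "stealth" once the timeout expires.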
 
Old 11-07-2003, 11:13 AM   #5
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
When speaking of security: A firewall is just like the front door. You should not rely on firewalling if you are running public services; instead you have to ensure security at the application level.
 
  

