Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
A firewall doesn't necessarily block access to personal data; it blocks access to services, ping replies, etc.
Blocking access to services should be implemented in at least 2 layers: first, of course, by the netfilter (= kernel firewall) layer, optionally second by tcp_wrappers, and last by the application layer (binding the service to an IP address, etc.).
Quote:
The harm to system data or installation of unwanted software should be prevented by the user concept, I think.
A user with no privileges can't install software if the system is properly configured.
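The application-layer point above (which address a daemon is bound to) is something you can check on a host. The following is an added example, not code from the thread: it takes `ss -tln`-style output and prints every listening socket that is bound to something other than a loopback address. The sample output embedded in it is constructed, not captured from a real machine.

```shell
#!/bin/sh
# Constructed sample of `ss -tln` output (not from a real host):
# one daemon bound to localhost only, one to ::1, and three exposed.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*
LISTEN 0      128    [::1]:631           [::]:*
LISTEN 0      128    *:25                *:*'

# Print "addr:port" for every LISTEN socket that other hosts can reach,
# i.e. anything not bound to 127.0.0.0/8 or [::1]. A wildcard bind
# (0.0.0.0 or *) counts as exposed.
exposed_listeners() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" {
            sock = $4
            addr = sock
            sub(/:[0-9]+$/, "", addr)   # strip the port, keep the address
            if (addr != "[::1]" && addr !~ /^127\./)
                print sock
        }'
}

# On a real host: exposed_listeners "$(ss -tln)"
exposed_listeners "$SAMPLE_SS"
```

Anything this prints is a daemon to either reconfigure to listen on 127.0.0.1 or to cover with a netfilter rule.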
firewall with Linux? no...firewall everything that connects to the Internet. (no, i'm not paranoid. 'they' *are* out to get me =P )
your 'personal data' may not be what is at risk without a firewall.
it is your *personal computer* that is at risk without a firewall.
would you let a total stranger - a cracker - access your computer and its resources? the cracker may or may not be interested in your personal data (email and such) but the cracker would be interested in using your computer without your knowledge, without your permission, and you may get the blame for what the cracker did with your computer...your $$$, your time to fix damages/intrusions, your reputation is at risk...
a firewall is a security tool. properly configured firewalls secure your computers/servers from unwanted - external and internal - usage.
In theory the user concept should work, but unfortunately it is a lot easier to get unauthorized root access if you already have user access. Many of the exploits out there for Linux are local exploits that use some type of elevation of privileges. The remote exploits are much more rare (and dangerous).
On top of that, many of the services (httpd, sendmail) themselves are vulnerable to attacks. Because they often run as some type of privileged user they are big targets for attack. Not running a firewall is really just like leaving yourself wide open and it is just a matter of time before you get 0wned. So unless you want your Linux box to be a warez server or part of your local script kiddies' DDoS crew, you absolutely want a firewall of some sort.
Last edited by Capt_Caveman; 04-21-2003 at 09:53 AM.
Dear friends,
thanks a lot for your replies! Now the next step:
What firewall-software would you recommend?
I appreciate your answers and/or links to answers already available.
Yours,
Bernhard
The main purpose of a firewall is to separate the traffic that is inside from the traffic that is outside. For example, you probably don't want a user in Singapore to access your Windows shares (if you have any), or to print p0rn to your printers, but without a firewall that nasty person far away is "on your network."
A firewall is simply a filter. It gets inputs from two or more cables and decides what traffic may, and may not, pass from one cable to another. Or, it sits on the inputs to your computer and decides what traffic may pass in or out.
Get GuardDog or Firestarter. They are both graphical frontends to IPTables, which should really be used by anyone who is new to the concept of firewalls in general and hand configured firewalling scripts in particular.
You could also have a look at shorewall (www.shorewall.net) as it allows you to configure iptables (and a lot of the other networking settings) using some neat and easy to edit config files. It also has some good howtos on the site to get you started. If you prefer a GUI though go with one of the ones XavierP suggested.
A simple router between your modem and workstation is fine. They are cheap enough these days and have a 4 port switch, web access, VPN, remote admin, etc. Under $80 here in the states for a basic router.
As for software firewalls, I don't know of many that are application based (allow/deny) out there, like Windows Sygate, ZoneAlarm or Outpost. GuardDog and Firestarter are not like that at all; they are just iptables front ends limited to iptables rules.
Personally I don't think that running a firewall under Linux makes sense if all ports are closed/no 'net services are running, anyways.
If iptables gets run for the pure purpose of blocking all those closed ports, it actually just adds a new possibility of attack through exploitable code. Blocking closed ports is senseless.
The only reason (aside from routing, logging, load balancing and other such things) for iptables under a port blocking aspect I see is in cases where you want
1. Only a certain group of IPs to access a specific daemon, or to exclude a group
2. Limit the amount of connections and/or rate
3. To block a daemon you don't want to have publicly available, that just won't let you disable its public port listening through the daemon's config itself. Always try checking the service's config if you want to restrict it to local usage; use iptables if the daemon offers no such options in the configuration.
Also, it's better to run the firewall on a separate box, no matter the OS. If the box gets exploited and somebody gains root privileges, iptables won't help you on the same box as it can simply be turned off.
To make a long story short:
On a home box, simply turn off all listening daemons and use no firewall.
On a box where you want local listening services, check their configuration. Most can be set to only listen on 127.0.0.1, also needing no firewall.
In case you need routing, net logging, IP restrictions or local daemons that just won't listen only locally, use iptables...if you can, on a separate box.
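The three cases listed above (restrict a daemon to a group of IPs, limit connection rate, block a daemon that cannot be made to listen locally) map directly onto netfilter rules. The following is an added example, not code from any poster: a shell function that emits an iptables-restore ruleset covering all three. The admin network 192.0.2.0/24, port 22 for sshd, port 80 for the rate-limited service and port 5432 for the daemon that will not bind locally are assumed values.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset implementing the three cases.
#   $1 - network allowed to open connections to sshd (assumed 192.0.2.0/24)
#   $2 - TCP port of a daemon that cannot be restricted to 127.0.0.1 in
#        its own configuration (assumed 5432)
gen_ruleset() {
    admin_net="$1"
    public_only_port="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# 1. only the admin network may open new connections to sshd
-A INPUT -p tcp --dport 22 -s $admin_net -m conntrack --ctstate NEW -j ACCEPT
# 2. accept new HTTP connections, but at most 20/s per source (burst 40)
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -m hashlimit --hashlimit-name http --hashlimit-mode srcip --hashlimit-upto 20/sec --hashlimit-burst 40 -j ACCEPT
# 3. daemon that will not bind to 127.0.0.1: log (rate limited) and drop
#    its public port explicitly, so attempts are visible and the block
#    survives a later change of the INPUT policy
-A INPUT -p tcp --dport $public_only_port -m limit --limit 5/min -j LOG --log-prefix "blocked-daemon: "
-A INPUT -p tcp --dport $public_only_port -j DROP
COMMIT
EOF
}

# Print the ruleset; pipe into `iptables-restore --test` to syntax-check
# it without applying, then into `iptables-restore` to load it (as root).
gen_ruleset 192.0.2.0/24 5432
```

Everything not explicitly accepted falls through to the INPUT DROP policy, so the lo, ESTABLISHED and sshd rules are what keep the box reachable.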