LinuxQuestions.org


vitalstrike82 11-25-2008 03:23 AM

Network security for linux or slackware
 
Hi,

I have read news that it seems cyber crimes are hot topics.

I would like to ask: using Linux, how safe is the security?

I have read that those key loggers, worms or trojans are windows specific.

I would like to ask whether the above malicious code, which affects Windows systems, will also affect Linux systems?


Thanks

tommcd 11-25-2008 05:03 AM

All those viruses, worms, etc., are for Windows systems. Linux is much more secure. For Slackware, you should turn off services that you don't need, especially all those services that are for servers, if you are not running a server. To disable services, run pkgtool as root, choose the option to start/stop services, and turn off any you don't need.

You can scan your system for open ports here:
http://www.grc.com/default.htm
Click on "shields up", click on "proceed" and run the test "scan all service ports". Slackware should not have any open ports in a default install.
Also, see the section on security in the Slackbook:
http://slackbook.org/html/security.html
If you want a software firewall, try the slackbuild for Guarddog:
http://slackbuilds.org/repository/12...work/guarddog/
If you are behind a router you don't need a software firewall.

onebuck 11-25-2008 06:02 AM

Hi,

I would like to add that if you are behind a router/modem, make sure the firewall is enabled for the device(s).

H_TeXMeX_H 11-25-2008 07:12 AM

Quote:

Originally Posted by tommcd (Post 3353661)
If you are behind a router you don't need a software firewall.

That's debatable. The firewalls that come with many routers are typically poorly configured and cannot be easily configured properly. But, if you have a good router, then indeed it would be better to configure that one properly.

keefaz 11-25-2008 07:17 AM

Quote:

Originally Posted by vitalstrike82 (Post 3353616)
Hi,

I have read news that it seems cyber crimes are hot topics.

Where do you get your news, just curious :)

tommcd 11-25-2008 08:30 AM

Quote:

Originally Posted by H_TeXMeX_H (Post 3353732)
That's debatable. The firewalls that come with many routers are typically poorly configured and cannot be easily configured properly. But, if you have a good router, then indeed it would be better to configure that one properly.

If all your ports are reported as "stealth" by the port scan at "Shields Up", then isn't that good enough? Is there anything more that you would recommend?

I always thought that NAT in hardware firewalls and routers was all you needed to block unauthorized connections to your system or home network.

keefaz 11-25-2008 09:20 AM

Your network security level is defined by its weakest spot.
Try to search if there is any exploit associated with your modem/router, if it needs software update...
(don't send router password in clear on untrusted network :))
Then be careful about any open port. For example, if you use NAT to forward port 22 from the internet to one machine on your LAN, I believe you will experience ssh login attempts from the internet. NAT has no protective purpose, it's just routing.
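
Added example, not part of keefaz's post: a way to see the ssh login attempts mentioned above by counting failed password logins per source address in sshd's syslog output. The log lines are constructed samples in OpenSSH's message format, and the function names and the threshold of 3 are assumptions chosen for illustration; which file sshd logs to depends on your syslog configuration.

```python
import re
from collections import Counter

# Constructed sample lines in the syslog format written by OpenSSH's sshd.
# Public addresses are taken from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Nov 25 09:21:03 gw sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Nov 25 09:21:05 gw sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Nov 25 09:21:09 gw sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Nov 25 09:22:40 gw sshd[2110]: Accepted password for tom from 192.168.1.20 port 51514 ssh2
Nov 25 09:25:11 gw sshd[2133]: Failed password for invalid user test from 198.51.100.44 port 33910 ssh2
Nov 25 09:30:02 gw sshd[2150]: Failed password for tom from 192.168.1.20 port 51620 ssh2
"""

# Matches both "Failed password for USER" and "Failed password for invalid user USER".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def failed_logins(log_text):
    """Return {source_ip: Counter(usernames tried)} for failed password logins."""
    by_source = {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            by_source.setdefault(src, Counter())[user] += 1
    return by_source

def suspicious_sources(log_text, threshold=3):
    """Sources with at least `threshold` failures, highest count first."""
    totals = {src: sum(c.values()) for src, c in failed_logins(log_text).items()}
    hits = [(src, n) for src, n in totals.items() if n >= threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    attempts = failed_logins(SAMPLE_LOG)
    for src, count in suspicious_sources(SAMPLE_LOG):
        print(src, count, dict(attempts[src]))
```

A single failure from a LAN address (a mistyped password) stays below the threshold, while the repeated attempts against root and admin from one outside address are reported.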

H_TeXMeX_H 11-25-2008 12:12 PM

Quote:

Originally Posted by keefaz (Post 3353845)
Your network security level is defined by its weakest spot.
Try to search if there is any exploit associated with your modem/router, if it needs software update...

That's a good point, most routers that I've seen, with the exception of one (which ran Window$ CE), run Linux. Now the question is, how up-to-date is that system ? Exploits do exist for many kernel versions, so it's likely one exists for the kernel your router is running. When was the last time you updated your router ?

As for stealthed ports, these can actually be scanned:
http://www.icir.org/vern/papers/norm...tml/node8.html

From wiki:
Quote:

The result of a scan on a port is usually generalized into one of three categories:

* Open or Accepted: The host sent a reply indicating that a service is listening on the port.
* Closed or Denied or Not Listening: The host sent a reply indicating that connections will be denied to the port.
* Filtered, Dropped or Blocked: There was no reply from the host.

Open ports present two vulnerabilities of which administrators must be wary:

1. Security and stability concerns associated with the program responsible for delivering the service.
2. Security and stability concerns associated with the operating system that is running on the host.

Closed ports only present the latter of the two vulnerabilities that open ports do. Blocked ports do not present any reasonable vulnerabilities. Of course, there is the possibility that there aren't any known vulnerabilities in either the software or operating system at this given time.
http://en.wikipedia.org/wiki/Port_scan

vitalstrike82 11-26-2008 12:36 AM

Quote:

Originally Posted by keefaz (Post 3353741)
Where do you get your news, just curious :)


Oh, I read it in my local newspaper. It seems that for the past 2 weeks, the newspaper has had reports on cyber thefts.

vitalstrike82 11-26-2008 12:40 AM

A few years ago, I was using Norton, then AVG, but was still prone to viruses, which made me switch to Linux.

How about anti virus for linux? any to recommend?

thanks

H_TeXMeX_H 11-26-2008 12:48 AM

You don't really need antivirus for Linux, it's mostly just to keep Window$ machines on the network safe from viruses that Linux may be carrying but that cannot take effect until they reach a Window$ environment. If you want one, try clamav, I have it installed, it's very fast and up-to-date.

onebuck 11-26-2008 08:23 AM

Hi,

Quote:

Originally Posted by vitalstrike82 (Post 3354728)
A few years ago, I was using Norton, then AVG, but was still prone to viruses, which made me switch to Linux.

How about anti virus for linux? any to recommend?

thanks

Good security habits are still necessary even with Linux. It's just that you should not experience the problems normal to a M$ Win machine or environment. Especially the virus/Trojan/worms from that environment. As 'H' stated you will not need the overall watch except for M$ that you may service with your Linux based system if it does service the network or LAN needs.

I too recommend 'clamav', a nice piece of software. I would also recommend that you install 'clamwin' on the M$ based machines.

If you are going to create a server for your LAN then there are other measures that you will address.

This link and others are available from 'Slackware-Links'. More than just Slackware® links!

vitalstrike82 11-27-2008 02:17 AM

thanks for the info

jdvail 12-01-2008 12:12 PM

Never saw a reference in this thread to an important security rule: Don't log in as root unless you need to, and definitely don't use your browser as root (same applies to any accounts with root-like powers)

Also, I'd add another vote to the clamav recommendation, I've used it for a number of years with no problems. As someone else mentioned, the vast majority of malware is aimed at windows, but if you have file-share or an FTP server or anything like that, you could be used as a distribution point. I found the on-access scanner add-on for clamav not to be worth the performance hit I took, but I still run a scheduled scan for reasons I covered above. Usually I scan the entire box once a week and "public" areas daily.

jvail

Woodsman 12-01-2008 01:36 PM

I run a Linksys WRT54GL router with DD-WRT firmware. I run the iptables firewall on each box in my LAN. I figure the extra layer is just one more obstacle to any crackers. For people running a LAN with multiple users, a firewall at each box also discourages those users from playing cracker.

Disabling unneeded services is the fastest way to close a port.

Quote:

If all your ports are reported as "stealth" by the port scan at "Shields Up", then isn't that good enough? Is there anything more that you would recommend?

If Shields Up reports the ports are closed but not stealth, that is good too. There has been an ongoing debate for years whether Closed or Stealth is better. A cracker knows a box exists with Closed ports but also immediately knows everything is closed. More than likely the cracker moves on to the next potential victim.
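
Added example, not part of any post in this thread: a local check to go with the advice from tommcd and Woodsman about turning off unneeded services, listing which TCP ports the machine itself is listening on and which of those are bound to more than the loopback address. It reads the kernel's /proc/net/tcp table; the sample table is constructed, the function names are illustrative, and the address decoding assumes a little-endian (x86) host and IPv4 only.

```python
import socket
import struct

# Constructed sample in the layout of /proc/net/tcp on a little-endian (x86) host.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5120 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5133 1
   2: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4978 1
   3: 1401A8C0:0016 0A01A8C0:C9A2 01 00000000:00000000 02:000A1B2C 00000000     0        0 6001 2
"""

TCP_LISTEN = "0A"  # state code the kernel prints for listening sockets

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into ('a.b.c.d', port)."""
    hex_addr, hex_port = field.split(":")
    # The address is printed as a native-endian integer; "<I" restores
    # network byte order on a little-endian machine (assumption).
    addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
    return addr, int(hex_port, 16)

def listening_sockets(table):
    """Return (address, port) pairs for sockets in LISTEN state, sorted by port."""
    found = []
    for line in table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) > 3 and cols[3] == TCP_LISTEN:
            found.append(decode_endpoint(cols[1]))
    return sorted(found, key=lambda endpoint: endpoint[1])

def exposed(table):
    """Listening sockets reachable from other hosts (not bound to 127.0.0.0/8)."""
    return [(a, p) for a, p in listening_sockets(table) if not a.startswith("127.")]

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE_PROC_NET_TCP  # fall back to the constructed sample
    for addr, port in exposed(table):
        print(f"listening on {addr}:{port}")
```

In the sample, the socket on 127.0.0.1 port 631 is listening but not reachable from the network, and the established connection on row 3 is ignored because it is not a listener.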

