RE: How to set up


 



LIDS is software that can be used to secure a Linux box.

http://www.lids.org/

You can also use snort to watch your network scans and hacks.

www.snort.org


-----Original Message-----
From: Daniel Chemko [mailto:dchemko@xxxxxxxxxx] 
Sent: Friday, May 23, 2003 12:45 PM
To: tr-huso; Netfilter Mailing List
Subject: RE: How to set up

Ack!

Talk about asking for everything all at once... I digress.

Rule 1 of firewalls is to never have any services on the firewall that
are not absolutely necessary. Of course if you are poor just like
everyone else I guess you have to bend that rule.

If you are putting tons of services on the firewall, you have to make
sure that the ones that are used for your local network don't get to the
internet!

Samba may seem fine now, but when some nasty hacker wipes out all your
shares you won't be so happy about having it! (SMB: Ports 137-139
tcp/udp; Port 445 tcp)

Make sure all default services in the Linux box are turned off, or are
restricted from internet tampering, like Portmap, etc.

Patch all services that you will be running to the latest, greatest, and
most secure version.

When writing scripts, I can't recommend using person xyz's scripts. I
have always been of the impression that by learning about how iptables
or other tools work, you become more aware of really important issues of
how firewalls work. Read tutorials that cover iptables to make sure that
there aren't any "They can do that?"s or "I never knew that!"s.

As for monitoring software, I am incompetently bad at implementing any
systems monitoring tools so I can't offer any advice with that. I am
sure you can do a search and come up with tools like Tripwire or IDS's.
Running tools like Nessus is also a good idea when implementing a sanity
check on your firewall.


-----Original Message-----
From: tr-huso [mailto:tr-huso@xxxxxxxxx] 
Sent: Friday, May 23, 2003 6:38 AM
To: Netfilter Mailing List
Subject: How to set up

Hi group.

I'm new to this group, so here is my setup:
A Linux box (Red Hat 7.3) that is connected to the www and also works as
a router for the rest of the network. It also runs an Apache webserver,
and will also run a proftpd ftp-server soon.
A Windows XP machine that is used for anything else, connects to the
internet through the Linux box. Thanks to Samba the Windows machine has
some network directories on the Linux box.

Now I want to secure this thing, and I also want to log what's happening
on the linux-box.

I've read a few articles on iptables, and read a few newsgroup-posts
related to the topic.

I've also seen a few scripts that I might use, if someone can point out
which one to use, I'm more than happy...

yours,

Trond
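
An added example, not part of the thread or written by any of its posters: a shell function that emits an iptables-restore ruleset for the box described above, with Apache and proftpd reachable from the internet side and Samba (137-139, 445) and portmap (111) reachable only from the LAN, logging probes of those ports on the internet side. The interface names (eth0 = internet, eth1 = LAN), the subnet 192.168.1.0/24 and the function name gen_rules are assumptions; NAT and the FTP connection-tracking helper are not covered.

```shell
#!/bin/sh
# gen_rules WAN_IF LAN_IF LAN_NET
# Prints a filter-table ruleset in iptables-restore format.
# Check it without loading it (as root):
#   gen_rules eth0 eth1 192.168.1.0/24 | iptables-restore --test
# All interface names and addresses are assumptions, not from the thread.
gen_rules() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Public services named in the thread: Apache (80) and proftpd (21)
-A INPUT -i $wan -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -i $wan -p tcp --dport 21 -m state --state NEW -j ACCEPT
# LAN-only services: Samba and portmap, accepted on the LAN interface only
-A INPUT -i $lan -s $lan_net -p tcp -m multiport --dports 111,137:139,445 -j ACCEPT
-A INPUT -i $lan -s $lan_net -p udp -m multiport --dports 111,137:139 -j ACCEPT
# Log internet-side probes of those ports; the DROP policy then discards them
-A INPUT -i $wan -p tcp -m multiport --dports 111,137:139,445 -m limit --limit 6/min -j LOG --log-prefix "WAN-SMB: "
-A INPUT -i $wan -p udp -m multiport --dports 111,137:139 -m limit --limit 6/min -j LOG --log-prefix "WAN-SMB: "
# Routing for the Windows machine: LAN may go out, only replies come back
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

Because the INPUT and FORWARD policies are DROP, anything not listed, including SMB from the internet side, is refused even if the LOG rules are removed.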






