On my iptables firewall I have disabled all POP, IMAP and SMTP in both directions, disabled sendmail, and use a web mail account instead. I can then also access my email from work as well as home. If the only email use is for your personal email then this is a simple way of shutting down that avenue of attack.

Rob

-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Leonard Isham
Sent: 15 October 2004 14:50
To: vj@xxxxxxxxxxxxxxxxxxxxxxx; For users of Fedora Core releases
Subject: Re: Is my computer safe enough if I use just iptables?

On Fri, 15 Oct 2004 14:40:28 +0100 (IST), VJ <vj@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> Scot,
> Thanks a lot for your advice. I am now thinking whether I should go
> for some boxed firewall or not. I used to think Linux was secure
> enough. I have my IPtables DROP by default and just opening the
> required holes (HTTP and SMTP) to let these services be used from
> outside world. I do not let my family login as root. Only I am the
> boss of the machine. The only reason I got a bit worried was that I am
> using this machine as my development/tinkering/playing(MythTV etc)
> machine + FIREWALL, with other machine (XP) being used by my wife.
>
> I have tested my firewall using Sygate's online Firewall test and
> also the same from Symantec. Both seemed to say my system was OK but
> then suggested their own firewall software (which I dismissed as a
> sale gimmick).
>
> I am still a bit confused, so I will do more research.
>

Think about it for a minute. You let SMTP and http in so if either of these gets compromised then you have been owned.

Keep up to date on your daemons and secure them above and beyond the standard install. Read up on locking them down. Minimize display of information that indicates what you are running and the version information. Use chroot jails... and remember google is your friend.

--
Leonard Isham, CISSP
Ostendo non ostento.
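An added example, not part of the original thread: a small audit of `iptables-save` output that reports, per chain, whether traffic to the mail ports discussed above (SMTP, POP3, IMAP) would be accepted or dropped. The two rulesets are constructed samples, the function names are hypothetical, "both directions" is read as the INPUT and OUTPUT chains, and rules that do not name a tcp destination port (loopback, state matches) are ignored as a simplification.

```python
import re

MAIL_PORTS = {25: "SMTP", 110: "POP3", 143: "IMAP"}
# Matches tcp rules that name a destination port and end in a terminal target.
PORT_RULE = re.compile(r"-A (\S+) .*-p tcp .*--dports? (\S+).* -j (ACCEPT|DROP|REJECT)")

# Constructed iptables-save samples (not taken from the thread).
HOLES_FOR_HTTP_SMTP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
"""
MAIL_BLOCKED_BOTH_WAYS = HOLES_FOR_HTTP_SMTP.replace(
    "-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT",
    "-A OUTPUT -p tcp -m multiport --dports 25,110,143 -j DROP")

def port_in(spec, port):
    """True if port falls in an iptables port spec such as '25', '25,110' or '100:200'."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def mail_exposure(ruleset):
    """Return {(chain, service): target}; first matching port rule wins, else chain policy."""
    policy, rules = {}, []
    for line in ruleset.splitlines():
        if line.startswith(":"):
            chain, target = line[1:].split()[:2]
            policy[chain] = target
        elif (m := PORT_RULE.match(line)):
            rules.append(m.groups())
    verdicts = {}
    for chain in ("INPUT", "OUTPUT"):
        for port, name in MAIL_PORTS.items():
            hit = next((t for c, spec, t in rules if c == chain and port_in(spec, port)), None)
            verdicts[(chain, name)] = hit or policy.get(chain, "ACCEPT")
    return verdicts

if __name__ == "__main__":
    for label, rs in (("holes", HOLES_FOR_HTTP_SMTP), ("blocked", MAIL_BLOCKED_BOTH_WAYS)):
        print(label, mail_exposure(rs))
```

On a live system the input would come from `iptables-save` run as root; any `ACCEPT` verdict marks a mail path that is still open and whose daemon or client needs to be kept patched.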