On Fri, 2004-10-15 at 09:40, VJ wrote:
> Scot,
> Thanks a lot for your advice. I am now thinking whether I should go for
> some boxed firewall or not. I used to think Linux was secure enough. I
> have my IPtables DROP by default and just opening the required holes
> (HTTP and SMTP) to let these services be used from outside world. I do
> not let my family login as root. Only I am the boss of the machine. The
> only reason I got a bit worried was that I am using this machine as my
> development/tinkering/playing(MythTV etc) machine + FIREWALL, with other
> machine (XP) being used by my wife.
>
> I have tested my firewall using Sygate's online Firewall test and also
> the same from Symantec. Both seemed to say my system was OK but then
> suggested their own firewall software (which I dismissed as a sales
> gimmick).
>
> I am still a bit confused, so I will do more research.
>

I think one of the cheap hardware firewalls would be a good idea in your
case. As you are doing development work you could inadvertently open
your system up and not even realize it. Most of these firewalls
(Linksys, Netgear, etc.) can be purchased for as little as $50. You may
be able to find them even cheaper online. You also get the added
benefit of being able to have multiple systems on your local LAN share
the Internet connection.

You might also look for information such as
http://linux.box.sk/newsread.php?newsid=775 which discusses how to harden
a Linux system. I don't agree with everything in that link but much of
it is great advice.

You may also want to look at the http://www.bastille-linux.org project.
Not sure how up to date it is but they had some great stuff a while
back.

The best thing to do is think of defense in depth. Have a decent
firewall at the front but if possible run firewalls on each system.
Disable unneeded or unused services. Run tripwire or something similar
to notify when critical files get changed. Run chkrootkit or rkhunter
to scan for known root kits. Use http://grc.com to scan your external
system. Run virus scanning software on any Windows box. If using your
Linux box as an MTA for Windows systems run clamav or one of the other
virus scanning packages. Keep an eye out for security issues in bugtraq
and Fedora announcement lists. Disable telnet, ftp, use ssh and scp
instead. Disable root from logging in directly and restrict what users
can log in remotely to your system.

There are a lot of good resources out there. But the best thing is to be
really paranoid. Because they are out to get you! :)

--
Scot L. Harris
webid@xxxxxxxxxx

No yak too dirty; no dumpster too hollow.
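
An added example, not part of the original message: one way to catch the "inadvertently open your system up" case is to audit `iptables-save` output against the intended policy (INPUT DROP by default, only SMTP and HTTP reachable). The function names, the allowed-port set and the sample ruleset are assumptions constructed for illustration; rules using `!` negation are assumed absent.

```python
import shlex

ALLOWED_TCP_PORTS = {25, 80}  # SMTP and HTTP, the two holes the message mentions

def expand_ports(spec):
    """Expand an iptables port spec such as '80', '25,80' or '8000:8002'."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_input_chain(ruleset, allowed=ALLOWED_TCP_PORTS):
    """Return findings for the filter table's INPUT chain (iptables-save text)."""
    findings, table, policy = [], None, None
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":INPUT "):
            policy = line.split()[1]
        elif line.startswith("-A INPUT "):
            tok = shlex.split(line)
            opt = {k: v for k, v in zip(tok, tok[1:]) if k.startswith("-")}
            state = opt.get("--state") or opt.get("--ctstate") or "NEW"
            if (opt.get("-j") != "ACCEPT" or opt.get("-i") == "lo" or "-s" in opt
                    or "NEW" not in state.split(",")):
                continue  # not an accept, loopback, source-limited, or replies only
            spec = opt.get("--dport") or opt.get("--dports")
            extra = sorted(expand_ports(spec) - allowed) if spec else []
            if spec is None or opt.get("-p") != "tcp":
                findings.append(f"not limited to allowed TCP ports: {line}")
            elif extra:
                findings.append(f"unexpected port(s) {extra}: {line}")
    if policy != "DROP":
        findings.insert(0, f"INPUT policy is {policy}, expected DROP")
    return findings

# Constructed sample: a forgotten development port (8080) left open.
SAMPLE = """*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
"""
if __name__ == "__main__":
    print("\n".join(audit_input_chain(SAMPLE)) or "no findings")
```

Feeding it the saved ruleset from a scheduled job gives a notification when the firewall drifts from the intended policy, in the same spirit as the tripwire suggestion.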