Don't laugh, OK go ahead, I set up an old P75 w/16 mb of ram on a piece of 3/4" plywood. My apt. is small and it fits under an end table. All I needed was a floppy drive and 2 nics, see www.freesco.org for an easy firewall. And yes I save all my old computer stuff. Tim... On Fri, 2004-10-15 at 07:58, Scot L. Harris wrote: > On Fri, 2004-10-15 at 09:40, VJ wrote: > > Scot, > > Thanks a lot for your advice. I am now thinking whether I should go for > > some boxed firewall or not. I used to think Linux was secure enough. I > > have my IPtables DROP by default and just opening the required holes > > (HTTP and SMTP) to let these services be used from outside world. I do > > not let my family login as root. Only I am the boss of the machine. The > > only reason I got a bit worried was that I am using this machine as my > > development/tinkering/playing(MythTV etc) machine + FIREWALL, with other > > machine (XP) being used by my wife. > > > > I have tested my firewall using Sygate's online Firewall test and also > > the same from Symantec. Both seemed to say my system was OK but then > > suggested their own firewall software (which I dismissed as a sale > > gimmick). > > > > I am still a bit confused, so I will do more research. > > > > I think one of the cheap hardware firewalls would be a good idea in your > case. As you are doing development work you could inadvertently open > your system up and not even realize it. > > Most of these firewalls (linksys, netgear, etc) can be purchased for as > little at $50. You may be able to find them even cheaper on line. You > also get the added benefit of being able to have multiple systems on > your local LAN share the Internet connection. > > You might also look for information such as > > http://linux.box.sk/newsread.php?newsid=775 > > which discuss how to harden a linux system. > > I don't agree with everything in that link but much of it is great > advice. > > You may also want to look at the http://www.bastille-linux.org project. > Not sure how up to date it is but they had some great stuff a while > back. > > The best thing to do is think of defense in depth. Have a decent > firewall at the front but if possible run firewalls on each system. > Disable unneeded or unused services. Run tripwire or something similar > to notify when critical files get changed. Run chkrootkit or rkhunter > to scan for known root kits. Use http://grc.com to scan your external > system. Run virus scanning software on any windows box. If using your > linux box as a MTA for windows systems run clamav or one of the other > virus scanning packages. Keep an eye out for security issues in bugtraq > and fedora announcement lists. Disable telnet, ftp, use ssh and scp > instead. Disable root from logging in directly and restrict what users > can log in remotely to your system. > > There a lot of good resources out there. But the best thing is to be > really paranoid. Because they are out to get you! :) > > > -- > Scot L. Harris > webid@xxxxxxxxxx > > No yak too dirty; no dumpster too hollow.
