On Thu, 17 Feb 2005 11:15:04 -0500
Temlakos <temlakos@xxxxxxxxx> wrote:

> Now as to how to keep the barn door locked: My first impression is
> that you need to enable the system firewall, even if you /do/ have a
> corporate firewall. Redundancy never hurts in security. Of course, you
> need to make sure you know what TCP and UDP ports have to be open for
> certain network processes to run. As long as you open those ports (as
> source /and/ as destination, to be safe) and restrict this to the
> subnetwork you have in your enterprise, your computer should be safe
> even if someone compromises the corporate firewall--or is making
> mischief inside the enterprise and hence already inside the firewall.
> Search on the word "iptables" for more information. (The iptables
> system and syntax took a long time for me to learn, until now I have a
> system that is /very/ particular about what transactions it allows,
> even between computers on my own network.)

Maybe slightly off-topic, but if you want more control over your
firewall rules and are baffled by the cryptic mess that is iptables, I
highly recommend Guarddog. I replaced the Fedora default firewall with
Guarddog and have been much happier ever since. It can be downloaded
from here:

http://www.simonzone.com/software/guarddog/

I compiled it from source and ran into no dependency problems.

cheers,
Robert
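
The host firewall policy discussed in this thread (default-deny inbound, with named ports reachable only from the local subnet), sketched as an added example that is not part of the original messages. The helper name `gen_ruleset`, the subnet 192.0.2.0/24 and the two services are assumptions chosen for illustration; the script only prints a ruleset in iptables-restore format and applies nothing.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it does not touch the live firewall.
# gen_ruleset is a hypothetical helper; subnet and ports below are constructed samples.

gen_ruleset() {
    subnet=$1
    shift
    # Require a.b.c.d/prefix and refuse /0, so a typo cannot open the host to everyone.
    case $subnet in
        ""|*[!0-9./]*|*/*/*|*/0*) echo "bad subnet: $subnet" >&2; return 1 ;;
        *.*.*.*/?*) ;;
        *) echo "subnet must be a.b.c.d/prefix: $subnet" >&2; return 1 ;;
    esac
    rules=""
    for spec in "$@"; do
        proto=${spec%%/*}
        port=${spec#*/}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol in: $spec" >&2; return 1 ;;
        esac
        # Digits only, no leading zero, at most five digits, then the range check.
        case $port in
            ""|0*|*[!0-9]*|??????*) echo "bad port in: $spec" >&2; return 1 ;;
        esac
        [ "$port" -le 65535 ] || { echo "port out of range: $spec" >&2; return 1; }
        rules="${rules}-A INPUT -s $subnet -p $proto -m $proto --dport $port -j ACCEPT
"
    done
    # Default-drop inbound; replies to the host's own connections are admitted by
    # connection tracking, so only destination ports need matching.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
${rules}COMMIT
EOF
}

# Constructed sample: SSH and NTP reachable only from the documentation subnet.
gen_ruleset 192.0.2.0/24 tcp/22 udp/123
```

The printed ruleset can be checked with `iptables-restore --test` before it is loaded.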