Re: On passwords, security and real -sweat, blood and tears- life

On Sun, Apr 30, 2006 at 08:30:17 +0200,
  "A.J. Bonnema" <abonnema@xxxxxxxxx> wrote:
> 
> AFAIK my firewall has all ports closed for both TCP and UDP. However, I 
> have no means of checking that this is true. Through the site "Shields 
> Up" (www.grc.com) I have been able to check that *some* UDP ports are 
> closed (windows related), but that is no surprise as I run FC5 and the 
> Windows machines are currently not connected.

Scan your system from outside while having something like Ethereal or tcpdump
listening on the inside to see what gets through.
> 
> Yes, currently I have no external connections. However, I would very 
> much like to be able to ssh into my computer, remotely. Because of the 
> security implications and my current lack of knowledge I have chosen to 
> keep it closed for the moment.

You should be able to use pam configuration to only allow your account to
login remotely. If you know what remote IP addresses you might connect from,
you should use a white list of allowed IP addresses which can connect to
the ssh port on your linux box.

> I was checking out some kind of door-knocking protocol, but that is 
> where the commercial firewall gets in the way: there doesn't seem to be 
> a way to implement this, short of replacing the firewall completely (by 
> opening all ports and sending them through to one of my PCs).

This isn't worth the trouble. It is security by obscurity, not real security.
You really need to design your system well enough to withstand an attack
where someone is using door knocking, so it doesn't save you effort securing
your system. It buys you some protection against script kiddies that you
probably don't need and makes it a bit more work for someone doing a dedicated
attack versus your system. The downside of using nonstandard protocols is
that things might not work when you need them to. (Though if there are
a small number of remote sites you might use, you can probably spend some
up front effort and then have things work pretty reliably.)
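Added example, not from this thread or either poster: a POSIX sh script that puts the reply's two recommendations into concrete form (restrict SSH to one account, whitelist the source addresses that may reach the SSH port) and automates the "scan from outside, capture on the inside" check. The account name `ajb`, the addresses (RFC 5737 documentation ranges) and the tcpdump lines are constructed assumptions. The whitelist is expressed both as iptables rules with sshd_config `AllowUsers`, and as `pam_access` entries for the PAM route the reply mentions.

```shell
#!/bin/sh
# Added example (not from the thread): restrict remote SSH to a single
# account reachable only from a whitelist of source addresses, and audit an
# outside scan against a capture taken on the inside. The account name,
# interface name and all addresses below are assumed values (RFC 5737
# documentation ranges), not values from the original message.

SSH_USER="ajb"                              # assumed local account
ALLOWED_SRC="203.0.113.10 198.51.100.0/24"  # assumed remote sources
SSH_PORT=22

# iptables rules: accept SSH only from the whitelist, drop all other SSH.
# Printed for review rather than executed; apply as root with
#   ssh_whitelist_rules | sh
ssh_whitelist_rules() {
    for src in $ALLOWED_SRC; do
        printf 'iptables -A INPUT -p tcp --dport %s -s %s -j ACCEPT\n' "$SSH_PORT" "$src"
    done
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$SSH_PORT"
}

# sshd_config lines: one account, keys only, no root logins.
sshd_restrictions() {
    printf 'AllowUsers %s\n' "$SSH_USER"
    printf 'PasswordAuthentication no\n'
    printf 'PermitRootLogin no\n'
}

# The PAM route the reply mentions: /etc/security/access.conf entries for
# pam_access, which permit the account from the whitelist and deny everyone
# else. Add "account required pam_access.so" only to /etc/pam.d/sshd, so
# the final deny does not apply to console logins.
pam_access_rules() {
    for src in $ALLOWED_SRC; do
        printf '+ : %s : %s\n' "$SSH_USER" "$src"
    done
    printf '%s\n' '- : ALL : ALL'
}

# Constructed tcpdump-style lines, as if captured on the inside interface
# (tcpdump -n -i eth0 'tcp[tcpflags] & tcp-syn != 0') while the box was
# scanned from outside. Only port 22 is meant to be reachable.
CAPTURE='10:01:02.000001 IP 192.0.2.50.40001 > 192.168.1.10.22: Flags [S], seq 1, win 512, length 0
10:01:02.000002 IP 192.0.2.50.40002 > 192.168.1.10.80: Flags [S], seq 2, win 512, length 0
10:01:02.000003 IP 192.0.2.50.40003 > 192.168.1.10.22: Flags [S], seq 3, win 512, length 0
10:01:02.000004 IP 192.0.2.50.40004 > 192.168.1.10.5900: Flags [S], seq 4, win 512, length 0'
EXPECTED_OPEN="22"

# Report every destination port that received an inbound SYN but is not in
# the expected-open list. Returns 1 if any such port was seen, else 0.
audit_capture() {
    capture="$1"; expected="$2"; rc=0
    ports=$(printf '%s\n' "$capture" \
        | sed -n 's/.* > [0-9.]*\.\([0-9]*\): Flags \[S\].*/\1/p' | sort -un)
    for p in $ports; do
        found=0
        for e in $expected; do
            [ "$p" = "$e" ] && found=1
        done
        if [ "$found" -eq 0 ]; then
            printf 'unexpected inbound SYN reached port %s\n' "$p"
            rc=1
        fi
    done
    return $rc
}

# Run with "sh this_script.sh demo" to print the generated rules and audit
# the constructed capture.
if [ "${1:-}" = "demo" ]; then
    ssh_whitelist_rules
    sshd_restrictions
    pam_access_rules
    audit_capture "$CAPTURE" "$EXPECTED_OPEN" || echo "firewall lets more through than expected"
fi
```

On the constructed capture the audit reports ports 80 and 5900, which is exactly the situation the reply's check is meant to expose: the firewall is believed to be closed, but the packets on the inside interface say otherwise. A real capture taken during a scan from a host you control is fed to `audit_capture` in place of the constructed text.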

