Linux, Firewalls & Other Security Software: What Do You

If you want to talk about your personal paperweight, you've found the right place!

Moderator: Moderators

Linux, Firewalls & Other Security Software: What Do You

Postby chsims1 » Fri Aug 10, 2007 11:10

I've been running Sabayon in it's various versions since about February time in an attempt to wean myself off Windows, & I can certainly say it's been an enjoyable experience. I have made several attempts to do this in the past with different distros, but I have always returned to Windows when the going got a bit tough. Now with Sabayon, I can say that I use Linux for 99% of my time on my dual-booting system.

Anyway on to the point I was attempting to raise, & that is one of security. My home network sits behind a hardware firewalled router, & I have not bothered to implement software for firewalling or other purposes. What does everyone else do out there? Do you run additional software such as Firestarter? What do people think is really necessary, taking into account that I use my PC for things such as online banking etc. I'm sure that there are plenty of discussions about this subject out there on the Web, but I wanted to hear the views of the Sabayon community first.

Regards,

Ian Sutherland
chsims1
Growing Hen
 
Posts: 128
Joined: Wed Mar 07, 2007 8:53
Location: UK

Postby dunsurfin » Fri Aug 10, 2007 11:47

Just speaking for myself; I, also, have a firewalled router and just rely on that. I haven't installed any extra security software and removed Clamav. Perhaps it's not a good test but I've checked my internet connection with GRC and it appears to pass all the tests. Perhaps someone more knowledgeable will suggest otherwise.
Self-righteousness is a loud din raised to drown the voice of guilt within us - Eric Hoffer

Don't believe what it says on the right - I am anything but sagely; More oniony!
dunsurfin
Sagely Hen
 
Posts: 1333
Joined: Sun Jan 07, 2007 21:38
Location: Newcastle upon Tyne UK

Postby monday90 » Mon Aug 13, 2007 9:34

As long as your firewall/router is reasonably up to date (last 3 years ish) and you have WAN side external access turned off. You are pretty safe sitting behind a NAT firewall. The same basic security rules apply though. Only download and open stuff you are sure about. It certianly doesn't hurt to run a software firewall on your Linux box too.
monday90
Simple Hen
 
Posts: 71
Joined: Thu Mar 15, 2007 23:13
Location: Aldershot, U.K.

Postby WarraWarra » Mon Aug 13, 2007 11:11

Yup if you have a good router / routers - firewall then you would not really need a software firewall.
Having a software one is a good idea as with several routers linksys / cisco if there is a bug then your pc is left open to the monkey trying to hack your pc provided he does not know you are using linux and he's hacking the windows he thinks you have on the pc. LOL

Depends on the threat level and if there is anything worth stealing. Only persons that know you have something to steal would make a effort to try and steal it , as going for something that might not be there = risk = lazy = no success = forget it , they like soft targets / windows users that click "this is a virus do not click it" e-mails.

Most of the time Dos , ARP or ip spoofing is done and this usually has only a real effect on a windows pc + reseting the router or changing the mac adress = new ip = your old dead ip is being hacked or annoying your isp but they can handle stuff like this hopefully.

Anyone that is clued up and really wants to get in to your pc would do it without you knowing on any OS and no software or hardware can block that but then again how many persons would really want to mess with you or has the expertise / time that can not just brake a window and steal the pc = much easier + it is 99.9% someone close that has access to the room / office / house your pc is in that does something like this or personal info on weak security website's / bank website / paypal / hacked-bay -> ebay.

You keep your stuff safe and locked + several backup coppies in safe places then you should be okay most of the time or have coppies to recover from in case of emergency. Nothing worse than getting your id stolen and nothing to prove who you are.

The choice is your's to set AP isolation in the wireless router + wap2 and mac adress blocking if wifi router as it helps. Wep has been hacked in 2003 or there about so anyone can intercept / fake the internet connection /DNS you have if not secured and then use that info to steal from you. Like tuning the radio to a free fm station = music if encrypted it is more difficult and with enough time + computers any code has been broken.

Windows = rusted chicken wire fence submarine body when it comes to security = no windows close by or on a network = 90% less chance of problems.

You can look at tor.eff.org , showmyip.com and several other website + links to help keep the boogie man out and use https:// for the banks and or e-mail accounts and keep it in secure mode = makes live more difficult for would be thief instead of http://

Windows = zonealarm + avast free home edition has p2p / email / IM / network etc it has 7 shields + using http://www.hitmanpro.nl and the 5+ free / demo spyware scannersit has = good choice. Live tcp viewer to check connections to funny places like 239.255.255.0 lan multicast something rubish ??

Hope this helps.

PS> UPNP is nasty big hole in firewall kill it if you can in router and on pc's.
WarraWarra
Sagely Hen
 
Posts: 1989
Joined: Wed Jan 03, 2007 21:01
Location: 31.324270, -113.585511

Postby WarraWarra » Tue Aug 14, 2007 21:15

Here is a few of the usual suspects.
Code: Select all
denied   10.113.207.1   bootpc   UDP
denied   10.112.27.1   bootpc   UDP
denied   212.198.99.83   1026   UDP
denied   10.112.27.1   bootpc   UDP
denied   10.113.207.1   bootpc   UDP
denied   10.112.27.1   bootpc   UDP
denied   10.113.207.1   bootpc   UDP
denied   10.112.27.1   bootpc   UDP


The 212.198.99.83 is in France and blacklisted at several isp's for spam / scam's etc .

Hopefully your router can block these if not then firewall hardware / software is the option.
See incoming log in router.

Check ipfilter or peerguardian , they used to block apple.com and othersites that spy's on you or sell your info.

Extremely good firewall router products is Zyxel routers as they are serious about problem + fixes it immediately unlike linksys that only cares about something for the first 6 months after it is released.
http://us.zyxel.com/web/index.php
WarraWarra
Sagely Hen
 
Posts: 1989
Joined: Wed Jan 03, 2007 21:01
Location: 31.324270, -113.585511

Postby Fitzcarraldo » Wed Aug 15, 2007 0:15

I have a hardware firewalled router at home and SL passes all the Shields Up tests on Steve Gibson's Web site with flying colours (Stealth), so I don't have any software firewall on my laptop running SL.

However, I travel on business a lot and have to use my laptop in hotels and offices, and have found that the Shields Up tests do not all pass in these places, so I am still considering setting up iptables using a GUI front-end such as KMyFirewall. I did try Firestarter several months ago but stopped using it when it was removed from Portage (because it is apparently no longer being supported by the developer):

http://viewcvs.gentoo.org/viewcvs.py/ge ... r/Manifest

I had a play with KMyFirewall (a GUI front-end to iptables) but have not managed to get iptables configured correctly: the iptables script generated by KMyFirewall caused iptables to kill all Internet access, so I reset the iptables configuration. I found Firestarter much easier to use. Pity it is no longer available/supported.
User avatar
Fitzcarraldo
Sagely Hen
 
Posts: 7977
Joined: Sat Mar 10, 2007 5:40
Location: United Kingdom

Postby DontPanic » Thu Aug 16, 2007 15:24

It sound like the firewall/router is probably providing sufficient security for your computer as you are using it now.

But, depending on where you want to go with Linux, you may want to start playing with Linux firewalls. My experience is that there is a certain learning curve with most implementations of Linux software firewalls. It is nice to learn how to get that firewall working from behind a firewall first. That way, if you get it misconfigured, you can just shut it off. You can play around with a few of the firewall varients, and see which one works for you.

This way, if you ever need to move your Sabayon box to being directly on the Internet, or if you want to start playing with some internet server apps, you'll have already figured out which firewall you like to use and how to get it working.
DontPanic
Old Dear Hen
 
Posts: 742
Joined: Mon Jul 09, 2007 20:29
Location: Mobile, AL, USA

Re: Linux, Firewalls & Other Security Software: What Do You

Postby chsims1 » Wed Aug 22, 2007 8:11

Thanks all for the replies, which more or less mirrored my "gut feelings."
chsims1
Growing Hen
 
Posts: 128
Joined: Wed Mar 07, 2007 8:53
Location: UK

Re: Linux, Firewalls & Other Security Software: What Do You

Postby ScottAS » Wed Aug 22, 2007 22:11

All

I concur with the opinions of others within this Thread; I myself browse the Internet via a NETGEAR WG-Series ADSL Firewall Router of which I have enforced additional Service Rules to enhance the protection that my Router provides. Because of the fact that I also use my NETGEAR WG-Series Router's Wi-Fi capability, I have enforced WPA-2 Encryption alongside a 64-Character Passphrase and have also restricted access to the device via a unique MAC Address Filter should my 64-Character Passphrase be discovered. I am also considering disabling my NETGEAR WG-Series Router's DHCP Server to enhance the protection and thus deny an IP Address to a potential intruder.

Whilst I am certain that my protection is ample, and I am confident regarding the protection my device provides given the enhanced configuration I have applied, I am of the opinion that utilising a Personal Firewall alongside a Hardware Firewall is a wise and only beneficial asset in being able to provide protection for your Computer and your personal data. It is not a matter of whether or not your data is of benefit to an intruder, it is a question of the value of your data to yourself and the techniques you implement in order to protect your data.

Scott
ScottAS
Young Hen
 
Posts: 38
Joined: Fri Jun 01, 2007 22:45

Re: Linux, Firewalls & Other Security Software: What Do You

Postby eshum » Wed Aug 22, 2007 23:57

I am using Guarddog simply because a few minutes of searching revealed how to get to the net.

ed
eshum
Technological Hen
 
Posts: 312
Joined: Tue Feb 20, 2007 20:42
Location: Oregon


Return to Off Topic

Who is online

Users browsing this forum: No registered users and 1 guest