Re: [newbie] How much internet security do I need?

2001-04-23 Thread Mark Weaver

Along with Pmfirewall you should also configure portsentry to watch for
port scans. Pmfirewall, using Ipchains, is a wonderful first step, but a
single layered security scheme isn't much security at all. I wouldn't use
anything less than two layers, and that's cutting things down to bare bones.
These days, when it comes to keeping your machine secure from unwanted
visitors, redundancy is the way.

While it's true that you can only go so far on a single home machine it
never hurts to go as far as you can.

I've set up a simple SMTP/FTP/HTTP server at work that I use for certain
interesting tasks and amusement. In the first week it was up someone
breached the box (my fault 'cause I left port 23, telnet, open), and it was
rooted and planted. I got lucky this time 'cause I saw the evidence of the
incursion, found their droppings and got rid of them. You can be sure I
got the firewall configured properly AND installed and configured portsentry,
which has been on duty since without a single lapse in security.

I will tell you that the hosts.deny file continues to grow daily since
these guys just don't take no for an answer and they're still trying to
gain access. Their IP numbers are all over my firewall logs and portsentry
continues to log their scans and enter their IP addresses in the
hosts.deny file so that it remembers them.

For an older RedHat machine running on an i486 P1-133 I'm very impressed
with what these two programs can do on their own to protect both machine
and the data contained on that machine - not to mention the network behind
the machine.

-- 

Mark
*

what knowledge I have managed to accumulate over the years
at times becomes obscured and even hidden amidst the vast
emotional onslaught of my children. You never finish being a parent.  :)

On Mon, 23 Apr 2001, s wrote:

> pmfirewall should do you just fine.  You will need to add some things to it
> as you find ports left open here and there, but basically it's a good start.
> -s
>
> On Sat, 21 Apr 2001, you wrote:
> > Hi All:
> > I am using ML 7.2 for a home desktop system. I only browse the internet
> > using a 56K modem. How much internet security do I need?  Do I need
> > ipchains or whatever? I am only on the internet 3 to 4 hours a day.  I
> > have ML set to medium security!! Thanks
> > Charles






Re: [newbie] How much internet security do I need?

2001-04-23 Thread Nathan Hopper

> Along with Pmfirewall you should also configure portsentry to watch for
> port scans. Pmfirewall, using Ipchains, is a wonderful first step, but a
> single layered security scheme isn't much security at all. I wouldn't use
> anything less than two layers, and that's cutting things down to bare bones.
> These days, when it comes to keeping your machine secure from unwanted
> visitors, redundancy is the way.

Along with Portsentry, installing LogCheck is wise. It too is made by
Psionic. LogCheck parses the logs, saving only the pertinent information,
and mails them each hour to root, or whomever.


> I will tell you that the hosts.deny file continues to grow daily since
> these guys just don't take no for an answer and they're still trying to
> gain access. Their IP numbers are all over my firewall logs and portsentry
> continues to log their scans and enter their IP addresses in the
> hosts.deny file so that it remembers them.


If you add the following line to the hosts.deny file, you needn't worry about a
vast majority of problems:
ALL:ALL@ALL,PARANOID

That tells the machine, for programs using TCPWrappers, to deny everyone
access to everything, and block any machine whose name does not match its
IP.

If you need to use INET services on the Linux machine, add the following
lines to hosts.allow:
in.telnetd: 192.168.0.3 bar.foo.com

That's just for example. Replace in.telnetd with whatever program you wish
to use, and 192.168.0.3 with whichever machine you want to connect.

Also, if you add the following lines to the sysctl.conf (IIRC, that's what
Mandrake calls it):
net.ipv4.conf.all.rp_filter = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_echo_ignore_all = 1

And if you're going to all that trouble, you might as well do the following:

In /etc/securetty comment out everything except tty1. Then root can only log
onto tty1. If you need more root, you can log on and su.

For a good degree of security, remove the rpm binary. Copy it to a floppy
disk, or three, and store them away safely. Without rpm, it's impossible for
both you and nefarious users to add anything to the computer. If you also
remove the compiler, that increases security, but makes life difficult.

Consider using Tripwire as it checks the integrity of your important
programs. It won't stop an intrusion, but you'll be alerted promptly.
Another program, called sXid, which also runs as a cron job, tracks changes
in s[ug]id programs. It's available at
http://the.wiretapped.net/security/host-security/sxid/

Regards,
Nathan
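
The following is an added example, not part of Nathan's post and not code from the TCP Wrappers project: a simplified Python model of the hosts_access(5) decision order, showing how the hosts.allow and hosts.deny lines quoted above interact. The function names, the `name_verified` flag and the client addresses are assumptions made for illustration.

```python
# Simplified model of the hosts_access(5) decision order. Modelled: ALL,
# PARANOID, user@host (user part ignored), exact names/addresses, ".domain"
# and "net." patterns. EXCEPT, LOCAL, netmasks, shell commands: not modelled.
HOSTS_DENY = "ALL:ALL@ALL,PARANOID\n"                  # line from the post
HOSTS_ALLOW = "in.telnetd: 192.168.0.3 bar.foo.com\n"  # line from the post

def parse_rules(text):
    """Return [(daemon_patterns, client_patterns)] for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip, name, name_verified):
    host = pattern.rsplit("@", 1)[-1]    # "ALL@ALL" -> host part "ALL"
    name = name if name_verified else None   # unverified names never match
    if host == "ALL":
        return True
    if host == "PARANOID":               # name does not match its address
        return not name_verified
    if host.startswith("."):             # ".foo.com": any host in the domain
        return name is not None and name.endswith(host)
    if host.endswith("."):               # "192.168.": address prefix
        return ip.startswith(host)
    return host in (ip, name)

def allowed(daemon, ip, name, name_verified, allow_text, deny_text):
    """hosts.allow is checked first, then hosts.deny; no match grants access."""
    for verdict, text in ((True, allow_text), (False, deny_text)):
        for daemons, clients in parse_rules(text):
            if ("ALL" in daemons or daemon in daemons) and any(
                    client_matches(c, ip, name, name_verified) for c in clients):
                return verdict
    return True

# Constructed clients: (daemon, address, reverse-DNS name, name matches address)
CASES = [("in.telnetd", "192.168.0.3", None, True),
         ("in.telnetd", "203.0.113.9", "bar.foo.com", True),
         ("in.telnetd", "203.0.113.9", "bar.foo.com", False),
         ("in.ftpd", "192.168.0.3", None, True)]
if __name__ == "__main__":
    for case in CASES:
        print(case[:2], allowed(*case, HOSTS_ALLOW, HOSTS_DENY))
    print("empty hosts.deny:", allowed(*CASES[3], HOSTS_ALLOW, ""))
```

The last line shows the failure mode the deny-all entry guards against: with an empty hosts.deny, a connection that matches nothing in hosts.allow is granted.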









Re: [newbie] How much internet security do I need?

2001-04-22 Thread s

pmfirewall should do you just fine.  You will need to add some things to it  
as you find ports left open here and there, but basically it's a good start.
-s

On Sat, 21 Apr 2001, you wrote:
> Hi All:
> I am using ML 7.2 for a home desktop system. I only browse the internet
> using a 56K modem. How much internet security do I need?  Do I need
> ipchains or whatever? I am only on the internet 3 to 4 hours a day.  I
> have ML set to medium security!! Thanks
> Charles




[newbie] How much internet security do I need?

2001-04-21 Thread ai4a

Hi All:
I am using ML 7.2 for a home desktop system. I only browse the internet
using a 56K modem. How much internet security do I need?  Do I need
ipchains or whatever? I am only on the internet 3 to 4 hours a day.  I
have ML set to medium security!! Thanks 
Charles