Velocity Reviews


dave 01-27-2006 12:10 PM

Newbie question: If you don't host a website, and....
 
you are browsing with Firefox under linux OS, do you need a firewall?
If so, why?

thanks,

dave


Winged 01-27-2006 01:52 PM

Re: Newbie question: If you don't host a website, and....
 
dave wrote:
> you are browsing with Firefox under linux OS, do you need a firewall?
> If so, why?
>
> thanks,
>
> dave
>

Yes! A firewall is required to prevent a local host from a variety of
exploits. Firewalls do little in preventing exploit by web browsers in
the nix environment however the idea is only to expose ports externally
those hosts you wish to communicate with and block all others. There
is little overhead in nix firewalls and well worth the effort in
protection from various worms and other potential exploits. While web
browsing is one point of exploitation, it is not the only method of
exploitation. If one watches their network external interface, one will
see frequent probes on a specific IP address. A firewall is only one
layer of security. Depending on local system configuration there are a
number of potential entry points in a typical nix configuration. It is
easy to make an "oops" in configuring a system, especially for a newbie,
and a firewall will help protect you from yourself.

There is a good article on how to harden nix systems at:

http://www.puschitz.com/SecuringLinux.shtml

Hope this helps.

Winged

Todd H. 01-27-2006 05:22 PM

Re: Newbie question: If you don't host a website, and....
 
"dave" <mdt1@columbia.edu> writes:
> you are browsing with Firefox under linux OS, do you need a firewall?
> If so, why?


The ipchains software firewall, if setup and properly configured on
Linux can give you excellent protection.

However, misconfiguration is easy to do (e.g. how much do you know
about ipchains rule writing?), future exploits are always a
possibility, so for the whopping $50 it costs to get a router with a
firewall in it, why not have the extra layer of protection?
http://www.newegg.com/Product/Produc...82E16833124001


Best Regards,
--
Todd H.
http://www.toddh.net/

Moe Trin 01-27-2006 07:57 PM

Re: Newbie question: If you don't host a website, and....
 
On 27 Jan 2006, in the Usenet newsgroup alt.computer.security, in article
<1138363826.993165.326890@f14g2000cwb.googlegroups.com>, dave wrote:

>you are browsing with Firefox under linux OS, do you need a firewall?


man netstat you want 'netstat -tupan'

What _else_ are you serving? Then look at the several HOWTOs that
explain how to disable those services - a hint - they have the word
'Security' in the title. You also want to disable Java except
for trusted sites.

>If so, why?


echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all   # Ignore all pings
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

HOWEVER - Firewalls can't protect you from doing dumb things.

Old guy
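
Added example (not part of the post above, and not the poster's code): a small parser that reads `netstat -tupan` output and lists the sockets accepting traffic on non-loopback addresses, which is the "what else are you serving?" check. The sample output, addresses and program names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -tupan` output (not taken from the thread).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address      Foreign Address    State       PID/Program name
tcp        0      0 0.0.0.0:111        0.0.0.0:*          LISTEN      612/portmap
tcp        0      0 127.0.0.1:631      0.0.0.0:*          LISTEN      845/cupsd
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN      790/sshd
tcp        0      0 192.168.1.3:41822  203.0.113.10:80    ESTABLISHED 1502/firefox-bin
udp        0      0 0.0.0.0:68         0.0.0.0:*                      701/dhclient
tcp6       0      0 :::6000            :::*               LISTEN      930/X
"""


def exposed_services(netstat_text):
    """Return (proto, address, port, program) for every socket that accepts
    traffic on a non-loopback address, i.e. what a firewall would be shielding."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith(("tcp", "udp")):
            continue                       # header or unrelated line
        proto, local, foreign = fields[0], fields[3], fields[4]
        if proto.startswith("tcp"):
            if fields[5] != "LISTEN":      # skip outbound/established connections
                continue
        elif not foreign.endswith(":*"):   # UDP: keep only unconnected sockets
            continue
        host, _, port = local.rpartition(":")   # handles 0.0.0.0:22 and :::6000
        if ipaddress.ip_address(host).is_loopback:
            continue                       # reachable only from this machine
        found.append((proto, host, int(port), fields[-1]))
    return found


if __name__ == "__main__":
    for proto, host, port, program in exposed_services(SAMPLE):
        print(f"{proto:5} {host}:{port:<6} {program}")
```

In the constructed sample the browser's own connection and the loopback-only cupsd listener are filtered out; the remaining entries are the services to disable or to cover with firewall rules.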

dave 01-28-2006 04:38 AM

Re: Newbie question: If you don't host a website, and....
 
Winged wrote : "It is easy to make an "oops" in configuring a system,
especially for a newbie, and a firewall will help protect you from
yourself."

ans: Yes, I need all the help I can get...

Todd H wrote: "However, misconfiguration is easy to do (e.g. how much
do you know about ipchains rule writing?),"...

ans: Nothing

"so for the whopping $50 it costs to get a router with a firewall in
it, why not have the extra layer of protection?"

That sounds well worth it to me !! I'm running Xandros 3.0 Linux
very happily, with a NetCard in the PCMCIA slot. The cable
goes to an old Bell Atlantic DSL modem, which of course connects
to the telephone line (the ISP provider is Verizon).

Would you kindly suggest what router to buy, and how I should
connect it up? I would guess that it is between NetCard and
DSL Modem. Right? Is there a chance that the router would
screw up my presently-OK Verizon connection and send me back
to square ONE ?? Verizon wasted hours of my time, before
finally kicking me up to Tech Level 3 and getting me
connected in 3 minutes. I don't want to start all over again.

Thanks for your patience, and in advance for your advice,

dave


q_q_anonymous@yahoo.co.uk 01-29-2006 12:42 AM

Re: Newbie question: If you don't host a website, and....
 

dave wrote:
> Winged wrote : "It is easy to make an "oops" in configuring a system,
> especially for a newbie, and a firewall will help protect you from
> yourself."
>
> ans: Yes, I need all the help I can get...
>
> Todd H wrote: "However, misconfiguration is easy to do (e.g. how much
> do you know about ipchains rule writing?),"...
>
> ans: Nothing
>
> "so for the whopping $50 it costs to get a router with a firewall in
> it, why not have the extra layer of protection?"
>
> That sounds well worth it to me !! I'm running Xandros 3.0 Linux
> very happily, with a NetCard in the PCMCIA slot. The cable
> goes to an old Bell Atlantic DSL modem, which of course connects
> to the telephone line (the ISP provider is Verizon).
>
> Would you kindly suggest what router to buy, and how I should
> connect it up? I would guess that it is between NetCard and
> DSL Modem. Right? Is there a chance that the router would
> screw up my presently-OK Verizon connection and send me back
> to square ONE ?? Verizon wasted hours of my time, before
> finally kicking me up to Tech Level 3 and getting me
> connected in 3 minutes. I don't want to start all over again.
>
> Thanks for your patience, and in advance for your advice,
>


not really the router screwing up your connection. If a level 3
technician solved your problem then clearly it was you that didn't know
how to set up your current router. (you along with the lower
technicians)

So if you got a new router then you might have the same problems trying
to set it up.

These Home Routers already block incoming connections by default -
similar to a firewall blocking incoming attacks. Maybe your home router
even has a firewall built in on top of that.


Meaning that even if you were running a web server then it'd be very
secure in the ridiculous sense that nobody outside your network will be
able to connect to it. Because your Router will block incoming
connections.

I don't see such a case for you getting a new router - yet.

I'm surprised that you're using linux if you're afraid of learning how
to configure a router to connect to the net. I guess something
traumatic happened to you whilst using Windows and instead of using
firefox in windows, you went all the way and used linux. Could still
be a good decision, but if you use linux then I think you should be
less worried about learning stuff like configuring your router.


dave 01-29-2006 02:51 AM

Re: Newbie question: If you don't host a website, and....
 
Thanks, from dave. That is a helpful reply that I can understand. I'm
a biologist, not an engineer; and I started trying to get rid of M$ in
the late 90's, because I was wasting so much time trying to fix Win
problems. They said linux was safe, stable, and "free"; so I started
trying as a newbie and wasted a lot more time (on *early* releases of
Caldera, Mandrake, Suse, Debian etc). I had no background in unix, and
wasted more time learning some "Pi" or "emacs" or something. Someone
said he would help if I would send him a 'log' of something. I did.
Then, I realized that it had ALL of my passwords. Hmm. Was that helpful?

Then, I heard someone quip that "Linux was free, if you placed no value
on your time". Frustration. I sought help from newbie newsgroups.
Someone said that we professionals (who were not engineers) should
class-action sue Bill Gates for the cumulative value of our lost time.
Then he wouldn't be a billionaire anymore. Somebody had already thrown
a pie at his face in Paris.

So, I *really* appreciate simple, clear advice; instead of referral to
some arcane site where I don't understand anything. Thanks again, dave


VanShania 01-29-2006 02:58 AM

Re: Newbie question: If you don't host a website, and....
 
What about this "NAT" ?

--
XP2600@171 fsb@1.65 Volts,
AIW9600XT, A7N8X-X
WD120gb + 80gb HD 8mb buffers
Plextor PX-712A, SB Live OEM
Thermaltake Lanfire, 420 Watt PS
Microsoft Sidewinder Precision 2 Joystick
<q_q_anonymous@yahoo.co.uk> wrote in message
news:1138495364.709253.32080@o13g2000cwo.googlegroups.com...
>
> dave wrote:
> > Winged wrote : "It is easy to make an "oops" in configuring a system,
> > especially for a newbie, and a firewall will help protect you from
> > yourself."
> >
> > ans: Yes, I need all the help I can get...
> >
> > Todd H wrote: "However, misconfiguration is easy to do (e.g. how much
> > do you know about ipchains rule writing?),"...
> >
> > ans: Nothing
> >
> > "so for the whopping $50 it costs to get a router with a firewall in
> > it, why not have the extra layer of protection?"
> >
> > That sounds well worth it to me !! I'm running Xandros 3.0 Linux
> > very happily, with a NetCard in the PCMCIA slot. The cable
> > goes to an old Bell Atlantic DSL modem, which of course connects
> > to the telephone line (the ISP provider is Verizon).
> >
> > Would you kindly suggest what router to buy, and how I should
> > connect it up? I would guess that it is between NetCard and
> > DSL Modem. Right? Is there a chance that the router would
> > screw up my presently-OK Verizon connection and send me back
> > to square ONE ?? Verizon wasted hours of my time, before
> > finally kicking me up to Tech Level 3 and getting me
> > connected in 3 minutes. I don't want to start all over again.
> >
> > Thanks for your patience, and in advance for your advice,
> >

>
> not really the router screwing up your connection. If a level 3
> technician solved your problem then clearly it was you that didn't know
> how to set up your current router. (you along with the lower
> technicians)
>
> So if you got a new router then you might have the same problems trying
> to set it up.
>
> These Home Routers already block incoming connections by default -
> similar to a firewall blocking incoming attacks. Maybe your home router
> even has a firewall built in on top of that.
>
>
> Meaning that even if you were running a web server then it'd be very
> secure in the ridiculous sense that nobody outside your network will be
> able to connect to it. Because your Router will block incoming
> connections.
>
> I don't see such a case for you getting a new router - yet.
>
> I'm surprised that you're using linux if you're afraid of learning how
> to configure a router to connect to the net. I guess something
> traumatic happened to you whilst using Windows and instead of using
> firefox in windows, you went all the way and used linux. Could still
> be a good decision, but if you use linux then I think you should be
> less worried about learning stuff like configuring your router.
>




Todd H. 01-29-2006 07:17 AM

Re: Newbie question: If you don't host a website, and....
 
"dave" <mdt1@columbia.edu> writes:
> "so for the whopping $50 it costs to get a router with a firewall in
> it, why not have the extra layer of protection?"
>
> That sounds well worth it to me !! I'm running Xandros 3.0 Linux
> very happily, with a NetCard in the PCMCIA slot. The cable
> goes to an old Bell Atlantic DSL modem, which of course connects
> to the telephone line (the ISP provider is Verizon).
>
> Would you kindly suggest what router to buy,


Linksys BEFSR 41 is a tried and true one and costs $50 or less.
newegg.com is a nice place to buy from.

> and how I should connect it up? I would guess that it is between
> NetCard and DSL Modem. Right?


Yup.

> Is there a chance that the router would screw up my presently-OK
> Verizon connection and send me back to square ONE ?? Verizon wasted
> hours of my time, before finally kicking me up to Tech Level 3 and
> getting me connected in 3 minutes. I don't want to start all over
> again.


Possibly. But these things are pretty darned easy to deal with these
days, and the instructions are pretty clear. I've never not been
able to make one work. For DSL you may have to specify a username and
password in the router if you have a PPPoE style connection, but the
software that comes with the Linksys makes this stuff very easy to
configure.

> Thanks for your patience, and in advance for your advice,


No problem--a well thought out question from a reasonable person is
always enjoyable to help answer.

Best Regards,
--
Todd H.
http://www.toddh.net/

Brad 01-29-2006 09:20 PM

Re: Newbie question: If you don't host a website, and....
 
NAT (Network Address Translation) similar to and often confused with
PAT (Port Address Translation) is a method used by modern routers to
translate internal (or Local) addresses to outside (or Global)
addresses. The router simply maps internal address to the external
addresses, and translates them when required.

Eg. in NAT the router will translate your 192.168.1.3 to its "actual"
global ip address of 15.0.0.1

Inside Local Address
192.168.1.3

Inside Global
15.0.0.1

Outside Global
18.0.0.5:


This is often confused with "Overloaded NAT" or PAT (Port Address
Translations), this allows several computers to use a single or limited
number of external ip addresses. It does this by mapping not only the
IP addresses but the Port Numbers as well. There are currently 65535
usable port numbers and therefore allows thousands of users in large
organisations to access the internet. This adds an extra security
feature of preventing outside hosts from making connections with the
internal LAN, and the addresses have not been mapped unless an active
connection has been made between the hosts, (but a Virus/Trojan etc can
still make connections from your machine on your behalf and therefore a
software based firewall is still required in many situations).

Sorry for not being overly clear just drop me an email if you would
like any more info.
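
Added example (not part of the post above, and not the poster's code): a minimal model of the port-mapping table described in the post, showing that a mapping exists only after an inside host opens a connection, so unsolicited inbound packets find no entry and are dropped. The class name, the starting public port and the strict per-remote filtering are assumptions; real routers differ in how tightly they match replies. 192.168.1.4 and 198.51.100.7 are constructed addresses.

```python
class PatRouter:
    """Toy PAT ("overloaded NAT") table: one public IP shared by many inside hosts."""

    def __init__(self, public_ip, first_port=40000):   # first_port is an assumption
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}   # public_port -> (inside_ip, inside_port, remote_ip, remote_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection: create (or reuse) a mapping and
        return the packet header as the outside world sees it."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        for public_port, known in self.table.items():
            if known == flow:
                break
        else:
            public_port = self.next_port
            self.next_port += 1
            self.table[public_port] = flow
        return (self.public_ip, public_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arrives at the public IP: forward only if it answers an
        existing mapping; otherwise return None (dropped)."""
        flow = self.table.get(dst_port)
        if flow is None or flow[2:] != (src_ip, src_port):
            return None
        return (src_ip, src_port, flow[0], flow[1])


if __name__ == "__main__":
    router = PatRouter("15.0.0.1")
    # Two inside hosts use the same source port; PAT tells them apart by public port.
    print(router.outbound("192.168.1.3", 51000, "18.0.0.5", 80))
    print(router.outbound("192.168.1.4", 51000, "18.0.0.5", 80))
    print(router.inbound("18.0.0.5", 80, 40000))      # reply: forwarded to 192.168.1.3
    print(router.inbound("18.0.0.5", 80, 22))         # unsolicited: None
    print(router.inbound("198.51.100.7", 80, 40000))  # wrong remote host: None
```

The table makes no distinction about which program on the inside host opened the connection, which is why the post still recommends a software firewall on the machine itself.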


