Linux

Discussion in 'Computer Security' started by Spammicus Killius, Jan 10, 2004.

  1. Whch Linux REh Hat etc.

    Is the easier to configure for security purposes (I'm new to Linux)?

    What other proggies that are not supplied with the install may be
    needed.?


    The Linux box will connect to B-Band & the Windows to it.

    Spammicus Killius:NO EMAIL REPLIES
    Spammicus Killius, Jan 10, 2004
    #1
    1. Advertising

  2. Spammicus Killius

    Dazz Guest

    On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
    <> wrote:

    >Whch Linux REh Hat etc.
    >
    >Is the easier to configure for security purposes (I'm new to Linux)?
    >
    >What other proggies that are not supplied with the install may be
    >needed.?
    >
    >
    >The Linux box will connect to B-Band & the Windows to it.


    Learing linux is a good idea, however, you don't really want to learn
    about security on something that is internet connected, because if you
    misconfigure something, then the chances are that someone other than
    you will "own" that box ... and pretty quickly too.

    I'd recommend learning about security on another machine if at all
    possible, at least until you have developed a better knowledge of
    linux.

    There's quite a few security distro's based on linux out there that
    might make your life a little bit easier.

    Check out the following sites:

    http://www.smoothwall.org - Smoothwall.
    http://www.ipcop.org - IPCop (a Smoothwall derivative).

    There's quite a few others out there, but Smoothwall is one of the
    best.

    I used to avoid recommending Smoothwall to people, but that was all
    due to an abusive former company director of Smoothwall - he has since
    left the Smoothwall team.

    There's plenty of security how-to's out there for linux, and a google
    for securing linux shows up plenty of links.

    http://www.google.com.au/search?q=how to secure linux&ie=UTF-8&oe=UTF-8&hl=en&meta=

    It might also be worthwhile heading over the The Linux Documentation
    Project as well - http://www.tldp.org .

    Dazz

    >Spammicus Killius:NO EMAIL REPLIES
    Dazz, Jan 10, 2004
    #2
    1. Advertising

  3. "Dazz" <> wrote in message
    news:...
    > On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
    > <> wrote:
    >
    > >Whch Linux REh Hat etc.
    > >
    > >Is the easier to configure for security purposes (I'm new to Linux)?
    > >
    > >What other proggies that are not supplied with the install may be
    > >needed.?
    > >
    > >
    > >The Linux box will connect to B-Band & the Windows to it.

    >
    > Learing linux is a good idea, however, you don't really want to learn
    > about security on something that is internet connected, because if you
    > misconfigure something, then the chances are that someone other than
    > you will "own" that box ... and pretty quickly too.
    >
    > I'd recommend learning about security on another machine if at all
    > possible, at least until you have developed a better knowledge of
    > linux.
    >
    > There's quite a few security distro's based on linux out there that
    > might make your life a little bit easier.
    >
    > Check out the following sites:
    >
    > http://www.smoothwall.org - Smoothwall.
    > http://www.ipcop.org - IPCop (a Smoothwall derivative).
    >
    > There's quite a few others out there, but Smoothwall is one of the
    > best.


    If you want more than a pure firewall (Apache etc) than I've also used
    ClarkConnect - it also helped that this was (at the time) based on the
    shipping version of RH Linux, rather than the much older version that
    SmoothWall was using (no support for my particular NICs).

    One of the safer ways to learn is to setup a box in your DMZ, and play with
    that..

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
    Hairy One Kenobi, Jan 10, 2004
    #3
  4. Spammicus Killius

    Rowdy Yates Guest

    "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
    news:irZLb.472$:

    > "Dazz" <> wrote in message
    > news:...
    >> On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
    >> <> wrote:
    >>
    >> >Whch Linux REh Hat etc.
    >> >
    >> >Is the easier to configure for security purposes (I'm new to Linux)?
    >> >
    >> >What other proggies that are not supplied with the install may be
    >> >needed.?
    >> >
    >> >
    >> >The Linux box will connect to B-Band & the Windows to it.

    >>
    >> Learing linux is a good idea, however, you don't really want to learn
    >> about security on something that is internet connected, because if
    >> you misconfigure something, then the chances are that someone other
    >> than you will "own" that box ... and pretty quickly too.
    >>
    >> I'd recommend learning about security on another machine if at all
    >> possible, at least until you have developed a better knowledge of
    >> linux.
    >>
    >> There's quite a few security distro's based on linux out there that
    >> might make your life a little bit easier.
    >>
    >> Check out the following sites:
    >>
    >> http://www.smoothwall.org - Smoothwall.
    >> http://www.ipcop.org - IPCop (a Smoothwall derivative).
    >>
    >> There's quite a few others out there, but Smoothwall is one of the
    >> best.

    >
    > If you want more than a pure firewall (Apache etc) than I've also used
    > ClarkConnect - it also helped that this was (at the time) based on the
    > shipping version of RH Linux, rather than the much older version that
    > SmoothWall was using (no support for my particular NICs).
    >
    > One of the safer ways to learn is to setup a box in your DMZ, and play
    > with that..
    >


    there are linux distro's that are specifically geared towards firewall
    security. check out "distowatch" for a listing.

    but as mentioned earlier, you want to be real good on linux if you are
    going to use it as a security measure. you have to be able to know how to
    go in and configure/edit config files.

    --
    Rowdy Yates
    MCSE, Security+, Linux+
    I am Against-TCPA
    http://www.againsttcpa.com
    Rowdy Yates, Jan 10, 2004
    #4
  5. "Rowdy Yates" <> wrote in message
    news:Xns946CBF86A5EADrowdyyatesnospamlyco@66.185.95.104...
    > "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
    > news:irZLb.472$:
    >
    > > "Dazz" <> wrote in message
    > > news:...
    > >> On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
    > >> <> wrote:


    <snip>

    > >> There's quite a few security distro's based on linux out there that
    > >> might make your life a little bit easier.
    > >>
    > >> Check out the following sites:
    > >>
    > >> http://www.smoothwall.org - Smoothwall.
    > >> http://www.ipcop.org - IPCop (a Smoothwall derivative).
    > >>
    > >> There's quite a few others out there, but Smoothwall is one of the
    > >> best.

    > >
    > > If you want more than a pure firewall (Apache etc) than I've also used
    > > ClarkConnect - it also helped that this was (at the time) based on the
    > > shipping version of RH Linux, rather than the much older version that
    > > SmoothWall was using (no support for my particular NICs).
    > >
    > > One of the safer ways to learn is to setup a box in your DMZ, and play
    > > with that..
    > >

    >
    > there are linux distro's that are specifically geared towards firewall
    > security. check out "distowatch" for a listing.
    >
    > but as mentioned earlier, you want to be real good on linux if you are
    > going to use it as a security measure. you have to be able to know how to
    > go in and configure/edit config files.


    Erm.. quite. Like the ones listed above (!)

    TBH, neither SmoothWall of ClarkConnect requires more than a very basic
    knowledge of computers to get set up. (With the possible exception of
    playing guess-the-NIC with very old versions of SmoothWall).

    ClarkConnect isn't a true firewall (it tries to do too much), but is (IMHO)
    a good compromise for a home user who wishes to run a small website on their
    connection. It gets a bit "fun" if you try and configure it to forward FTP
    elsewhere, though ;o)

    H1K
    Hairy One Kenobi, Jan 11, 2004
    #5
  6. Spammicus Killius

    Rowdy Yates Guest

    "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
    news:Di9Mb.801$:

    > "Rowdy Yates" <> wrote in message
    > news:Xns946CBF86A5EADrowdyyatesnospamlyco@66.185.95.104...
    >> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
    >> news:irZLb.472$:
    >>
    >> > "Dazz" <> wrote in message
    >> > news:...
    >> >> On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
    >> >> <> wrote:

    >
    > <snip>
    >
    >> >> There's quite a few security distro's based on linux out there
    >> >> that might make your life a little bit easier.
    >> >>
    >> >> Check out the following sites:
    >> >>
    >> >> http://www.smoothwall.org - Smoothwall.
    >> >> http://www.ipcop.org - IPCop (a Smoothwall derivative).
    >> >>
    >> >> There's quite a few others out there, but Smoothwall is one of the
    >> >> best.
    >> >
    >> > If you want more than a pure firewall (Apache etc) than I've also
    >> > used ClarkConnect - it also helped that this was (at the time)
    >> > based on the shipping version of RH Linux, rather than the much
    >> > older version that SmoothWall was using (no support for my
    >> > particular NICs).
    >> >
    >> > One of the safer ways to learn is to setup a box in your DMZ, and
    >> > play with that..
    >> >

    >>
    >> there are linux distro's that are specifically geared towards
    >> firewall security. check out "distowatch" for a listing.
    >>
    >> but as mentioned earlier, you want to be real good on linux if you
    >> are going to use it as a security measure. you have to be able to
    >> know how to go in and configure/edit config files.

    >
    > Erm.. quite. Like the ones listed above (!)
    >
    > TBH, neither SmoothWall of ClarkConnect requires more than a very
    > basic knowledge of computers to get set up. (With the possible
    > exception of playing guess-the-NIC with very old versions of
    > SmoothWall).
    >
    > ClarkConnect isn't a true firewall (it tries to do too much), but is
    > (IMHO) a good compromise for a home user who wishes to run a small
    > website on their connection. It gets a bit "fun" if you try and
    > configure it to forward FTP elsewhere, though ;o)
    >
    > H1K
    >
    >
    >


    point taken. still, you should be pretty good w/linux - to use it as an
    enterprise firewall. you want to be able to go in there and do
    cusomizatons without relying on ng's & opensource community to hold your
    hand every step of the way.



    --
    Rowdy Yates
    MCSE, Security+, Linux+
    I am Against-TCPA
    http://www.againsttcpa.com
    Rowdy Yates, Jan 11, 2004
    #6
  7. "Rowdy Yates" <> wrote in message
    news:Xns946D62157CE5Frowdyyatesnospamlyco@66.185.95.104...
    > "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
    > news:Di9Mb.801$:
    >
    > > "Rowdy Yates" <> wrote in message
    > > news:Xns946CBF86A5EADrowdyyatesnospamlyco@66.185.95.104...
    > >> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
    > >> news:irZLb.472$:
    > >>
    > >> > "Dazz" <> wrote in message
    > >> > news:...
    > >> >> On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
    > >> >> <> wrote:

    > >
    > > <snip>
    > >
    > >> >> There's quite a few security distro's based on linux out there
    > >> >> that might make your life a little bit easier.
    > >> >>
    > >> >> Check out the following sites:
    > >> >>
    > >> >> http://www.smoothwall.org - Smoothwall.
    > >> >> http://www.ipcop.org - IPCop (a Smoothwall derivative).
    > >> >>
    > >> >> There's quite a few others out there, but Smoothwall is one of the
    > >> >> best.
    > >> >
    > >> > If you want more than a pure firewall (Apache etc) than I've also
    > >> > used ClarkConnect - it also helped that this was (at the time)
    > >> > based on the shipping version of RH Linux, rather than the much
    > >> > older version that SmoothWall was using (no support for my
    > >> > particular NICs).
    > >> >
    > >> > One of the safer ways to learn is to setup a box in your DMZ, and
    > >> > play with that..
    > >> >
    > >>
    > >> there are linux distro's that are specifically geared towards
    > >> firewall security. check out "distowatch" for a listing.
    > >>
    > >> but as mentioned earlier, you want to be real good on linux if you
    > >> are going to use it as a security measure. you have to be able to
    > >> know how to go in and configure/edit config files.

    > >
    > > Erm.. quite. Like the ones listed above (!)
    > >
    > > TBH, neither SmoothWall of ClarkConnect requires more than a very
    > > basic knowledge of computers to get set up. (With the possible
    > > exception of playing guess-the-NIC with very old versions of
    > > SmoothWall).
    > >
    > > ClarkConnect isn't a true firewall (it tries to do too much), but is
    > > (IMHO) a good compromise for a home user who wishes to run a small
    > > website on their connection. It gets a bit "fun" if you try and
    > > configure it to forward FTP elsewhere, though ;o)


    > point taken. still, you should be pretty good w/linux - to use it as an
    > enterprise firewall. you want to be able to go in there and do
    > cusomizatons without relying on ng's & opensource community to hold your
    > hand every step of the way.


    Sorry - loggerheads time ;o)

    The main technical challenge I found with ClarkConnect (not necessarily
    something one would use an an Enterprise firewall/server, unless we're
    talking TNG's Mr. Data ;o) was inserting the CD the right way up.

    Given /that/ it's not exactly difficult to install. Like most similar
    distros, it either "just happens" or you get to duplicate the "ducks look
    serene from above the waterline" view of life ;o)

    (For those people about to claim a convert: Linux wobbles just as well as it
    rocks. Ditto Windows, and any form of *nix that I've come across. Even VMS
    and mainframe stuff, if one "pushes" hard enough.

    As goes relative vulnerabilities - when was the last time *you* debugged a
    HAL-9000? ;o)

    H1K

    P.S. I /did/ get the CD the right way up.. ;o)

    P.P.S. Kudos to the guy/gal that remembers the AE-35 component in Linux -
    came across it years back, can't remember!
    Hairy One Kenobi, Jan 11, 2004
    #7
  8. On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
    <> wrote:

    >Whch Linux REh Hat etc.
    >
    >Is the easier to configure for security purposes (I'm new to Linux)?
    >
    >What other proggies that are not supplied with the install may be
    >needed.?
    >
    >The Linux box will connect to B-Band & the Windows to it.


    Any of the major distros will do - the most user-friendly ones are
    Mandrake, Lycoris and Xandros - the latter two because they try to
    make their desktop look like Windows a bit.

    For security, look into Guarddog and Bastille Linux - the former is a
    front-end to setting up the built-in Linux firewall, the latter is a
    set of scripts that helps lock down Linux while informing you about
    why and how it should be locked down.

    Guarddog is here http://www.simonzone.com/software/guarddog/

    Bastille Linux is here http://www.bastille-linux.org/


    --
    Richard Steven Hack
    "Whatever does not kill me makes me stronger" -
    and YOU have not killed me!
    Richard Steven Hack, Jan 12, 2004
    #8
  9. Spammicus Killius

    elsid Guest

    "Richard Steven Hack" <> wrote in message
    news:...
    > On Sat, 10 Jan 2004 14:27:05 +0000, Spammicus Killius
    > <> wrote:
    >
    > >Whch Linux REh Hat etc.
    > >
    > >Is the easier to configure for security purposes (I'm new to Linux)?
    > >
    > >What other proggies that are not supplied with the install may be
    > >needed.?
    > >

    To really lock down your system see Mastiff, www.crbn.com for a free trail
    that supports up to 3 systems. Give your files total protection from
    hackers, terrorists, industrial spies and even government intelligence
    agencies.

    Ben
    elsid, Jan 12, 2004
    #9
  10. On Mon, 12 Jan 2004 08:24:43 -0800, "elsid" <> wrote:

    >To really lock down your system see Mastiff, www.crbn.com for a free trail
    >that supports up to 3 systems. Give your files total protection from
    >hackers, terrorists, industrial spies and even government intelligence
    >agencies.


    Just looking at that Web site makes me suspicious. A quick Google
    shows this software has been spammed all over the place but does not
    appear to have reviewed by any recognized security organization. They
    even have a Freshmeat page put up by the same handle used to place the
    ads all over the place, one "elsid".

    And nothing is going to keep the NSA out of your system if they want
    in, if they have to black-bag you.

    This rings like really fraudulent spam crap.

    Until someone competent reviews this stuff - which claims to be able
    to override even "super-user privileges" - which sounds like bullshit
    to me - I wouldn't touch this thing with a ten-foot pole.


    --
    Richard Steven Hack
    "Whatever does not kill me makes me stronger" -
    and YOU have not killed me!
    Richard Steven Hack, Jan 13, 2004
    #10
  11. Spammicus Killius

    elsid Guest

    This is a standard responce we get from people, "its technically imposible"
    and "it is too good to be true" but by all means down load the software and
    try it.

    After all if you start with a clean system and prevent any one, regardless
    of privilege, from accessing the disk, excluding trusted applications then
    with the exception of having the system physically stolen, the data stored
    on it is impenetrable.

    If you like you can come to my offices, Ottawa, Canada and I will give you a
    demonstration.

    We have had it beta tested by the Universicy of Ottawa, Ottawa; St. Lawence
    College, Cornwall; Netwinder Inc., Ottawa, and Thore Systems, Halifax. Our
    technical advisers include senior staff from Zarlink (Mitel), Rebel.com (now
    defunct) and Nortel.

    Robert

    "Richard Steven Hack" <> wrote in message
    news:...
    > On Mon, 12 Jan 2004 08:24:43 -0800, "elsid" <> wrote:
    >
    > >To really lock down your system see Mastiff, www.crbn.com for a free

    trail
    > >that supports up to 3 systems. Give your files total protection from
    > >hackers, terrorists, industrial spies and even government intelligence
    > >agencies.

    >
    > Just looking at that Web site makes me suspicious. A quick Google
    > shows this software has been spammed all over the place but does not
    > appear to have reviewed by any recognized security organization. They
    > even have a Freshmeat page put up by the same handle used to place the
    > ads all over the place, one "elsid".
    >
    > And nothing is going to keep the NSA out of your system if they want
    > in, if they have to black-bag you.
    >
    > This rings like really fraudulent spam crap.
    >
    > Until someone competent reviews this stuff - which claims to be able
    > to override even "super-user privileges" - which sounds like bullshit
    > to me - I wouldn't touch this thing with a ten-foot pole.
    >
    >
    > --
    > Richard Steven Hack
    > "Whatever does not kill me makes me stronger" -
    > and YOU have not killed me!
    elsid, Jan 13, 2004
    #11
  12. On Tue, 13 Jan 2004 08:52:15 -0800, "elsid" <> wrote:

    >This is a standard responce we get from people, "its technically imposible"
    >and "it is too good to be true" but by all means down load the software and
    >try it.


    Not a chance until it's reviewed by someone I trust.

    >After all if you start with a clean system and prevent any one, regardless
    >of privilege, from accessing the disk, excluding trusted applications then
    >with the exception of having the system physically stolen, the data stored
    >on it is impenetrable.


    And on Linux, just how do you prevent root from doing whatever he
    wants? Do you invade the kernel? And that is certified by whom as
    either safe or reliable?

    DRM is supposed to do the same thing you claim and a lot of experts
    don't buy it. Therefore I am suspicious of your claims until I see
    someone verify them.

    >If you like you can come to my offices, Ottawa, Canada and I will give you a
    >demonstration.


    Yeah, right.

    >We have had it beta tested by the Universicy of Ottawa, Ottawa; St. Lawence
    >College, Cornwall; Netwinder Inc., Ottawa, and Thore Systems, Halifax. Our
    >technical advisers include senior staff from Zarlink (Mitel), Rebel.com (now
    >defunct) and Nortel.


    Who have what reputations in the security community?

    Send me a letter from Bruce Schneier saying it works and I'll consider
    it.


    --
    Richard Steven Hack
    "Whatever does not kill me makes me stronger" -
    and YOU have not killed me!
    Richard Steven Hack, Jan 14, 2004
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Nick de Graeve

    Importing TB mail from linux in linux

    Nick de Graeve, Oct 4, 2004, in forum: Firefox
    Replies:
    0
    Views:
    621
    Nick de Graeve
    Oct 4, 2004
  2. Adrian de los Santos

    Linux-Cisco-ADSL-Cisco-Linux Connection hangs....

    Adrian de los Santos, Jul 22, 2003, in forum: Cisco
    Replies:
    6
    Views:
    879
    David Van Cleef
    Jul 22, 2003
  3. JSH
    Replies:
    0
    Views:
    1,835
  4. Ste
    Replies:
    1
    Views:
    750
    Peter Garzarella
    Aug 29, 2004
  5. Have a nice cup of pee

    Linux... yeah linux.. Linux

    Have a nice cup of pee, Apr 12, 2006, in forum: NZ Computing
    Replies:
    19
    Views:
    616
    Bette Noir
    Apr 17, 2006
Loading...

Share This Page