[Chester LUG] Security
Paul Williams
wilp4a at hotmail.co.uk
Thu May 22 12:01:23 UTC 2008
Fairy nuff. I realise that you might not have the time to go through IPtables at length (esp if at work, and I'm out in a bit. Can you recommend a site that could guide a newbie like me through the minefield and so that I don't end up castrating my internet? ;P
Date: Thu, 22 May 2008 12:56:41 +0100
From: e-mail at mcrilly.co.uk
To: chester at mailman.lug.org.uk
Subject: Re: [Chester LUG] Security
iptables is a packet filter which was included with th 2.4.* kernel I believe. It's a part of the netfilter routines in the kernel(?)
It's complex to manage from the console, but you learn a lot.
On 5/22/08, Paul Williams <wilp4a at hotmail.co.uk> wrote:
oops. my bad. ok. whats with these iptables then?
Date: Thu, 22 May 2008 12:50:15 +0100
From: e-mail at mcrilly.co.uk
To: chester at mailman.lug.org.uk
Subject: Re: [Chester LUG] Security
Firestarter is a front end, not the actual firewall. The firewall is 'iptables', Firestarter is just a GUI for configuring it. DO NOT HAVE FIRESTARTER RUNNING CONSTANTLY! :)
On 5/22/08, Paul Williams <wilp4a at hotmail.co.uk> wrote:
Hey, I'm willing to try just about anything (up to a point). Until then, is there any way to get firestarter to load up automatically when I fire up Ubuntu?
Date: Thu, 22 May 2008 10:46:45 +0100
From: e-mail at mcrilly.co.uk
To: chester at mailman.lug.org.uk
Subject: Re: [Chester LUG] Security
No idea when it comes to AV on Linux (or even Windows); I'm just careful what I install/use. I'd suggest learning iptables's syntax as you'll learn a lot and get a better understanding about networking, such as packet states and NATing.
On 5/21/08, Paul Williams <wilp4a at hotmail.co.uk> wrote:
Cheers for all these tips, guys.
Have installed firestarter. Will let you know how it goes...
As for anti virus. I use AVG with XP, and have it disabled unless needed for a scan. I was hoping for the same for Linux. Will Clamav do the job, or is there someting better out there?
> From: r.downing at dl.ac.uk
> To: chester at mailman.lug.org.uk
> Subject: Re: [Chester LUG] Security
> Date: Wed, 21 May 2008 20:32:22 +0100
>
> On Wednesday 21 May 2008 18:56:49 Michael Crilly wrote:
> > Firewall - again, what distro? Ubuntu has iptables ready to go. To
> > make it easier install firestarter.
> Firestarter is good, or indeed Shorewall. Firestarter is probably more simple
> to use though. Realistically though, if you are not running any services such
> as web servers or things of that ilk (things that others would connect _to_ )
> then a firewall is not useful.
> Clam AV is good, but does not operate in the same way as Windows antivirus
> tools. It's meant to be used periodically, scanning a system for infected
> files. It (afaik, I may be wrong) does not intercept file accesses like
> Norton AV and friends. Also, I know it's a bit blase of me, but the virus
> threat for linux machines is still really only theoretical. Proof of concept
> viruses have been written but the writers have a hard job on their hands
> coping with the many different systems out there. A windows machine is a
> windows machine is a windows machine, so if you can infect one you can infect
> them all (modulo patches etc).
> The worrisome things are the rootkits but once again the typicl attack vectors
> are going to be active services your machine offers.
>
> >
> > I haven't installed antivirus my self.
> Me neither. I found a good use for it though was to scan the Windows install
> also on the computer when that got knocked out by a virus.
>
> >
> > If you are on ubuntu, then please! Reconfigure the default sudo
> > configuration file. It's poorly designed and a normal user's password
> > is as good as the root password - not good.
> How would you change things? I'm with you in that it's better to become root
> with the correct password, but for ease of use it's good to only have to
> remember your login password plus have the benefit of cached credentials
> meaning frequent use of admin programs does not require repeated
> authentication.
>
>
> --
> Roger Downing
> eScience systems administrator
> STFC
> Daresbury Laboratories
> Keckwick Lane
> Warrington
> WA4 4AD
>
> Tel: 01925 603937
> Mbl: 07880 736154
>
> _______________________________________________
> Chester mailing list
> Chester at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/chester
Get fish-slapping on Messenger! Play Now
_______________________________________________
Chester mailing list
Chester at mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/chester
--
M. T. Crilly
http://www.mcrilly.co.uk/
Get 5GB of online storage for free! Get it Now!
_______________________________________________
Chester mailing list
Chester at mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/chester
--
M. T. Crilly
http://www.mcrilly.co.uk/
Get 5GB of online storage for free! Get it Now!
_______________________________________________
Chester mailing list
Chester at mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/chester
--
M. T. Crilly
http://www.mcrilly.co.uk/
_________________________________________________________________
http://clk.atdmt.com/UKM/go/msnnkmgl0010000009ukm/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/chester/attachments/20080522/ccb9df88/attachment.html>
More information about the Chester
mailing list