[Chester LUG] Security

Michael Crilly e-mail at mcrilly.co.uk
Thu May 22 14:15:36 UTC 2008


Don't see the point in webmin JUST for configuring a firewall, when
Firestarter would be simpler to install (which he's already done) and
faster.

On 5/22/08, David Holden <dh at iucr.org> wrote:
>
> On Thursday 22 May 2008, Michael Crilly wrote:
> > http://iptables-tutorial.frozentux.net/iptables-tutorial.html
>
> webmin has a nice interface to this.
>
> http://www.webmin.com/
>
> Dave.
>
>
> >
> > On 5/22/08, Paul Williams <wilp4a at hotmail.co.uk> wrote:
> > > Fairy nuff.  I realise that you might not have the time to go through
> > > IPtables at length (esp if at work, and I'm out in a bit.  Can you
> > > recommend a site that could guide a newbie like me through the
> minefield
> > > and so that I don't end up castrating my internet? ;P
> > >
> > >  ------------------------------
> > > Date: Thu, 22 May 2008 12:56:41 +0100
> > > From: e-mail at mcrilly.co.uk
> > > To: chester at mailman.lug.org.uk
> > > Subject: Re: [Chester LUG] Security
> > >
> > > iptables is a packet filter which was included with th 2.4.* kernel I
> > > believe. It's a part of the netfilter routines in the kernel(?)
> > >
> > > It's complex to manage from the console, but you learn a lot.
> > >
> > >
> > > On 5/22/08, *Paul Williams* <wilp4a at hotmail.co.uk> wrote:
> > >
> > > oops.  my bad.  ok.  whats with these iptables then?
> > >
> > >  ------------------------------
> > > Date: Thu, 22 May 2008 12:50:15 +0100
> > > From: e-mail at mcrilly.co.uk
> > > To: chester at mailman.lug.org.uk
> > > Subject: Re: [Chester LUG] Security
> > >
> > > Firestarter is a front end, not the actual firewall. The firewall is
> > > 'iptables', Firestarter is just a GUI for configuring it. DO NOT HAVE
> > > FIRESTARTER RUNNING CONSTANTLY! :)
> > >
> > > On 5/22/08, *Paul Williams* <wilp4a at hotmail.co.uk> wrote:
> > >
> > > Hey, I'm willing to try just about anything (up to a point).  Until
> then,
> > > is there any way to get firestarter to load up automatically when I
> fire
> > > up Ubuntu?
> > >
> > >  ------------------------------
> > > Date: Thu, 22 May 2008 10:46:45 +0100
> > > From: e-mail at mcrilly.co.uk
> > > To: chester at mailman.lug.org.uk
> > > Subject: Re: [Chester LUG] Security
> > >
> > > No idea when it comes to AV on Linux (or even Windows); I'm just
> careful
> > > what I install/use. I'd suggest learning iptables's syntax as you'll
> > > learn a lot and get a better understanding about networking, such as
> > > packet states and NATing.
> > >
> > > On 5/21/08, *Paul Williams* <wilp4a at hotmail.co.uk> wrote:
> > >
> > > Cheers for all these tips, guys.
> > >
> > > Have installed firestarter.  Will let you know how it goes...
> > >
> > > As for anti virus.  I use AVG with XP, and have it disabled unless
> needed
> > > for a scan.  I was hoping for the same for Linux.  Will Clamav do the
> > > job, or is there someting better out there?
> > >
> > > > From: r.downing at dl.ac.uk
> > > > To: chester at mailman.lug.org.uk
> > > > Subject: Re: [Chester LUG] Security
> > > > Date: Wed, 21 May 2008 20:32:22 +0100
> > > >
> > > > On Wednesday 21 May 2008 18:56:49 Michael Crilly wrote:
> > > > > Firewall - again, what distro? Ubuntu has iptables ready to go. To
> > > > > make it easier install firestarter.
> > > >
> > > > Firestarter is good, or indeed Shorewall. Firestarter is probably
> more
> > >
> > > simple
> > >
> > > > to use though. Realistically though, if you are not running any
> > > > services
> > >
> > > such
> > >
> > > > as web servers or things of that ilk (things that others would
> connect
> > >
> > > _to_ )
> > >
> > > > then a firewall is not useful.
> > > > Clam AV is good, but does not operate in the same way as Windows
> > >
> > > antivirus
> > >
> > > > tools. It's meant to be used periodically, scanning a system for
> > > > infected
> > > >
> > > > files. It (afaik, I may be wrong) does not intercept file accesses
> like
> > > > Norton AV and friends. Also, I know it's a bit blase of me, but the
> > > > virus
> > > >
> > > > threat for linux machines is still really only theoretical. Proof of
> > >
> > > concept
> > >
> > > > viruses have been written but the writers have a hard job on their
> > > > hands coping with the many different systems out there. A windows
> > > > machine is a windows machine is a windows machine, so if you can
> infect
> > > > one you can
> > >
> > > infect
> > >
> > > > them all (modulo patches etc).
> > > > The worrisome things are the rootkits but once again the typicl
> attack
> > >
> > > vectors
> > >
> > > > are going to be active services your machine offers.
> > > >
> > > > > I haven't installed antivirus my self.
> > > >
> > > > Me neither. I found a good use for it though was to scan the Windows
> > >
> > > install
> > >
> > > > also on the computer when that got knocked out by a virus.
> > > >
> > > > > If you are on ubuntu, then please! Reconfigure the default sudo
> > > > > configuration file. It's poorly designed and a normal user's
> password
> > > > > is as good as the root password - not good.
> > > >
> > > > How would you change things? I'm with you in that it's better to
> become
> > >
> > > root
> > >
> > > > with the correct password, but for ease of use it's good to only have
> > > > to remember your login password plus have the benefit of cached
> > > > credentials meaning frequent use of admin programs does not require
> > > > repeated authentication.
> > > >
> > > >
> > > > --
> > > > Roger Downing
> > > > eScience systems administrator
> > > > STFC
> > > > Daresbury Laboratories
> > > > Keckwick Lane
> > > > Warrington
> > > > WA4 4AD
> > > >
> > > > Tel: 01925 603937
> > > > Mbl: 07880 736154
> > > >
> > > > _______________________________________________
> > > > Chester mailing list
> > > > Chester at mailman.lug.org.uk
> > > > https://mailman.lug.org.uk/mailman/listinfo/chester
> > >
> > > ------------------------------
> > > Get fish-slapping on Messenger! Play
> > > Now<http://clk.atdmt.com/UKM/go/msnnkmgl0010000008ukm/direct/01/>
> > >
> > > _______________________________________________
> > > Chester mailing list
> > > Chester at mailman.lug.org.uk
> > > https://mailman.lug.org.uk/mailman/listinfo/chester
> > >
> > >
> > >
> > >
> > > --
> > > M. T. Crilly
> > > http://www.mcrilly.co.uk/
> > >
> > >
> > > ------------------------------
> > > Get 5GB of online storage for free! Get it Now!
> > > <http://clk.atdmt.com/UKM/go/msnnkmgl0010000005ukm/direct/01/>
> > >
> > > _______________________________________________
> > > Chester mailing list
> > > Chester at mailman.lug.org.uk
> > > https://mailman.lug.org.uk/mailman/listinfo/chester
> > >
> > >
> > >
> > >
> > > --
> > > M. T. Crilly
> > > http://www.mcrilly.co.uk/
> > >
> > >
> > > ------------------------------
> > > Get 5GB of online storage for free! Get it Now!
> > > <http://clk.atdmt.com/UKM/go/msnnkmgl0010000005ukm/direct/01/>
> > >
> > > _______________________________________________
> > > Chester mailing list
> > > Chester at mailman.lug.org.uk
> > > https://mailman.lug.org.uk/mailman/listinfo/chester
> > >
> > >
> > >
> > >
> > > --
> > > M. T. Crilly
> > > http://www.mcrilly.co.uk/
> > >
> > >
> > > ------------------------------
> > > Get fish-slapping on Messenger! Play
> > > Now<http://clk.atdmt.com/UKM/go/msnnkmgl0010000008ukm/direct/01/>
> > >
> > > _______________________________________________
> > > Chester mailing list
> > > Chester at mailman.lug.org.uk
> > > https://mailman.lug.org.uk/mailman/listinfo/chester
>
>
>
> --
> Dr. David Holden.
>
> See: <http://www.gnu.org/philosophy/no-word-attachments.html>
> regarding Word or PowerPoint. GPG key available on request.
> -------------------------------------------------------------
>
> _______________________________________________
> Chester mailing list
> Chester at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/chester
>



-- 
M. T. Crilly
http://www.mcrilly.co.uk/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/chester/attachments/20080522/82fd2924/attachment.html>


More information about the Chester mailing list