[Chester LUG] Security

David Holden dh at iucr.org
Thu May 22 14:48:29 UTC 2008 

On Thursday 22 May 2008, Michael Crilly wrote:
> Don't see the point in webmin JUST for configuring a firewall, when
> Firestarter would be simpler to install (which he's already done) and
> faster.

horses for courses, webmin linux firewall configuration has some nice features 
it also seems to write simpler iptables rule sets than firestarter and of 
course with webmin you get so much more..

dave.



>
> On 5/22/08, David Holden <dh at iucr.org> wrote:
> > On Thursday 22 May 2008, Michael Crilly wrote:
> > > http://iptables-tutorial.frozentux.net/iptables-tutorial.html
> >
> > webmin has a nice interface to this.
> >
> > http://www.webmin.com/
> >
> > Dave.
> >
> > > On 5/22/08, Paul Williams <wilp4a at hotmail.co.uk> wrote:
> > > > Fairy nuff.  I realise that you might not have the time to go through
> > > > IPtables at length (esp if at work, and I'm out in a bit.  Can you
> > > > recommend a site that could guide a newbie like me through the
> >
> > minefield
> >
> > > > and so that I don't end up castrating my internet? ;P
> > > >
> > > >  ------------------------------
> > > > Date: Thu, 22 May 2008 12:56:41 +0100
> > > > From: e-mail at mcrilly.co.uk
> > > > To: chester at mailman.lug.org.uk
> > > > Subject: Re: [Chester LUG] Security
> > > >
> > > > iptables is a packet filter which was included with th 2.4.* kernel I
> > > > believe. It's a part of the netfilter routines in the kernel(?)
> > > >
> > > > It's complex to manage from the console, but you learn a lot.
> > > >
> > > >
> > > > On 5/22/08, *Paul Williams* <wilp4a at hotmail.co.uk> wrote:
> > > >
> > > > oops.  my bad.  ok.  whats with these iptables then?
> > > >
> > > >  ------------------------------
> > > > Date: Thu, 22 May 2008 12:50:15 +0100
> > > > From: e-mail at mcrilly.co.uk
> > > > To: chester at mailman.lug.org.uk
> > > > Subject: Re: [Chester LUG] Security
> > > >
> > > > Firestarter is a front end, not the actual firewall. The firewall is
> > > > 'iptables', Firestarter is just a GUI for configuring it. DO NOT HAVE
> > > > FIRESTARTER RUNNING CONSTANTLY! :)
> > > >
> > > > On 5/22/08, *Paul Williams* <wilp4a at hotmail.co.uk> wrote:
> > > >
> > > > Hey, I'm willing to try just about anything (up to a point).  Until
> >
> > then,
> >
> > > > is there any way to get firestarter to load up automatically when I
> >
> > fire
> >
> > > > up Ubuntu?
> > > >
> > > >  ------------------------------
> > > > Date: Thu, 22 May 2008 10:46:45 +0100
> > > > From: e-mail at mcrilly.co.uk
> > > > To: chester at mailman.lug.org.uk
> > > > Subject: Re: [Chester LUG] Security
> > > >
> > > > No idea when it comes to AV on Linux (or even Windows); I'm just
> >
> > careful
> >
> > > > what I install/use. I'd suggest learning iptables's syntax as you'll
> > > > learn a lot and get a better understanding about networking, such as
> > > > packet states and NATing.
> > > >
> > > > On 5/21/08, *Paul Williams* <wilp4a at hotmail.co.uk> wrote:
> > > >
> > > > Cheers for all these tips, guys.
> > > >
> > > > Have installed firestarter.  Will let you know how it goes...
> > > >
> > > > As for anti virus.  I use AVG with XP, and have it disabled unless
> >
> > needed
> >
> > > > for a scan.  I was hoping for the same for Linux.  Will Clamav do the
> > > > job, or is there someting better out there?
> > > >
> > > > > From: r.downing at dl.ac.uk
> > > > > To: chester at mailman.lug.org.uk
> > > > > Subject: Re: [Chester LUG] Security
> > > > > Date: Wed, 21 May 2008 20:32:22 +0100
> > > > >
> > > > > On Wednesday 21 May 2008 18:56:49 Michael Crilly wrote:
> > > > > > Firewall - again, what distro? Ubuntu has iptables ready to go.
> > > > > > To make it easier install firestarter.
> > > > >
> > > > > Firestarter is good, or indeed Shorewall. Firestarter is probably
> >
> > more
> >
> > > > simple
> > > >
> > > > > to use though. Realistically though, if you are not running any
> > > > > services
> > > >
> > > > such
> > > >
> > > > > as web servers or things of that ilk (things that others would
> >
> > connect
> >
> > > > _to_ )
> > > >
> > > > > then a firewall is not useful.
> > > > > Clam AV is good, but does not operate in the same way as Windows
> > > >
> > > > antivirus
> > > >
> > > > > tools. It's meant to be used periodically, scanning a system for
> > > > > infected
> > > > >
> > > > > files. It (afaik, I may be wrong) does not intercept file accesses
> >
> > like
> >
> > > > > Norton AV and friends. Also, I know it's a bit blase of me, but the
> > > > > virus
> > > > >
> > > > > threat for linux machines is still really only theoretical. Proof
> > > > > of
> > > >
> > > > concept
> > > >
> > > > > viruses have been written but the writers have a hard job on their
> > > > > hands coping with the many different systems out there. A windows
> > > > > machine is a windows machine is a windows machine, so if you can
> >
> > infect
> >
> > > > > one you can
> > > >
> > > > infect
> > > >
> > > > > them all (modulo patches etc).
> > > > > The worrisome things are the rootkits but once again the typicl
> >
> > attack
> >
> > > > vectors
> > > >
> > > > > are going to be active services your machine offers.
> > > > >
> > > > > > I haven't installed antivirus my self.
> > > > >
> > > > > Me neither. I found a good use for it though was to scan the
> > > > > Windows
> > > >
> > > > install
> > > >
> > > > > also on the computer when that got knocked out by a virus.
> > > > >
> > > > > > If you are on ubuntu, then please! Reconfigure the default sudo
> > > > > > configuration file. It's poorly designed and a normal user's
> >
> > password
> >
> > > > > > is as good as the root password - not good.
> > > > >
> > > > > How would you change things? I'm with you in that it's better to
> >
> > become
> >
> > > > root
> > > >
> > > > > with the correct password, but for ease of use it's good to only
> > > > > have to remember your login password plus have the benefit of
> > > > > cached credentials meaning frequent use of admin programs does not
> > > > > require repeated authentication.
> > > > >
> > > > >
> > > > > --
> > > > > Roger Downing
> > > > > eScience systems administrator
> > > > > STFC
> > > > > Daresbury Laboratories
> > > > > Keckwick Lane
> > > > > Warrington
> > > > > WA4 4AD
> > > > >
> > > > > Tel: 01925 603937
> > > > > Mbl: 07880 736154
> > > > >
> > > > > _______________________________________________
> > > > > Chester mailing list
> > > > > Chester at mailman.lug.org.uk
> > > > > https://mailman.lug.org.uk/mailman/listinfo/chester
> > > >
> > > > ------------------------------
> > > > Get fish-slapping on Messenger! Play
> > > > Now<http://clk.atdmt.com/UKM/go/msnnkmgl0010000008ukm/direct/01/>
> > > >
> > > > _______________________________________________
> > > > Chester mailing list
> > > > Chester at mailman.lug.org.uk
> > > > https://mailman.lug.org.uk/mailman/listinfo/chester
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > M. T. Crilly
> > > > http://www.mcrilly.co.uk/
> > > >
> > > >
> > > > ------------------------------
> > > > Get 5GB of online storage for free! Get it Now!
> > > > <http://clk.atdmt.com/UKM/go/msnnkmgl0010000005ukm/direct/01/>
> > > >
> > > > _______________________________________________
> > > > Chester mailing list
> > > > Chester at mailman.lug.org.uk
> > > > https://mailman.lug.org.uk/mailman/listinfo/chester
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > M. T. Crilly
> > > > http://www.mcrilly.co.uk/
> > > >
> > > >
> > > > ------------------------------
> > > > Get 5GB of online storage for free! Get it Now!
> > > > <http://clk.atdmt.com/UKM/go/msnnkmgl0010000005ukm/direct/01/>
> > > >
> > > > _______________________________________________
> > > > Chester mailing list
> > > > Chester at mailman.lug.org.uk
> > > > https://mailman.lug.org.uk/mailman/listinfo/chester
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > M. T. Crilly
> > > > http://www.mcrilly.co.uk/
> > > >
> > > >
> > > > ------------------------------
> > > > Get fish-slapping on Messenger! Play
> > > > Now<http://clk.atdmt.com/UKM/go/msnnkmgl0010000008ukm/direct/01/>
> > > >
> > > > _______________________________________________
> > > > Chester mailing list
> > > > Chester at mailman.lug.org.uk
> > > > https://mailman.lug.org.uk/mailman/listinfo/chester
> >
> > --
> > Dr. David Holden.
> >
> > See: <http://www.gnu.org/philosophy/no-word-attachments.html>
> > regarding Word or PowerPoint. GPG key available on request.
> > -------------------------------------------------------------
> >
> > _______________________________________________
> > Chester mailing list
> > Chester at mailman.lug.org.uk
> > https://mailman.lug.org.uk/mailman/listinfo/chester



-- 
Dr. David Holden.

See: <http://www.gnu.org/philosophy/no-word-attachments.html>
regarding Word or PowerPoint. GPG key available on request.
-------------------------------------------------------------

More information about the Chester mailing list