RE: seeking a better understanding

From: Andrew Blevins <ABlevins@arrowheadgrp.com>
To: "'apif@sbcglobal.net'" <apif@sbcglobal.net>, security-basics@securityfocus.com
Date: Mon, 21 Jan 2002 08:20:48 -0800

Question #1: Emphatically yes, an intruder could do a lot more than just
deface your site. Go to Google, and search for unicode vulnerability (if you
run IIS). This is just one example.
Question #2: I dunno, anyone else want to take this one?

-----Original Message-----
From: apif [mailto:apif@sbcglobal.net]
Sent: Saturday, January 19, 2002 2:26 AM
To: security-basics@securityfocus.com
Subject: RE: seeking a better understanding

I received one response to my original post... so maybe I am not in the
right conference / newsgroup. If this is so, please let me know. Otherwise,
the two following questions would scoot me along to understanding what I
need about basic security. Thanks.

1. Given port 80 (and only port 80) is open to the outside world, if someone
were to breach that port, could they do more than deface my website?

2. Is a home router that does src port blocking, packet introspection, and
NATing enough, or do I need a middle box running some form of firewall
software too?

-----Original Message-----
From: apif [mailto:apif@sbcglobal.net]
Sent: Wednesday, January 16, 2002 2:25 PM
To: security-basics@securityfocus.com
Subject: seeking a better understanding

All,

Where to begin? I have a home network, and am considering putting in a web
server. At this point I am considering the security of it. I suppose the
best way to help you in helping me is to tell you a little about me, my
network, and how I plan on using this.

I'm from a technical background and support MS servers. I have very little
experience in Linux, and only a little in security. Security mostly comes
from another group in my company.

My connection to the internet is DSL. I am planning to upgrade it to a
premium connection so that I can have static IPs. A domain name and DNS
registration will be a course of action further down the line.

My home network consists of less than 5 boxes, each running varying O/S's.
All MS O/S's are running personal firewalls. Other boxes are Linux.

I have a Netgear R0318 router which is up to date on its firmware. It
supports NATing, packet introspection, and blocks ports except where I
specify they should be allowed through.

So here is the run down. I'm weak on Linux, but that is what I want to put
the web server on. It will run on Apache web software. All machines are
behind the router, and all addresses are NAT'd. I would project out port 80
for the Slackware Linux machine, and no others (except maybe FTP at some
point unless you think this would not be wise). I currently do not have any
A/V software on my Linux box (and to be honest, have no idea what sort of
A/V to put on a Linux box).

Now that you have the background, my question comes down to this. If port
80 is the only port allowed through, and someone chose to attack this port,
could they compromise my system, and if so how? What other steps should I
take to protect this system? I see IPTables (I guess it replaced IPchains)
in Slackware. I know this is a firewall, but I don't think it is like the
personal firewall I have on MS boxes. I suspect it is more like a full corp
class firewall, and probably as complicated. Should I be using this on my
Slackware machine? Do you have any suggestions of what A/V software I should
use on a Linux machine, and do they spot trojans as the MS ones do? Thank you
for your time. I'm sorry this was so long.


