Re: seeking a better understanding

From: Andrei Vlad Pascal (andrei.pascal@fransmaas.ro)
Date: 01/22/02


From: "Andrei Vlad Pascal" <andrei.pascal@fransmaas.ro>
To: "Security Basics" <SECURITY-BASICS@SECURITYFOCUS.COM>
Date: Tue, 22 Jan 2002 09:48:00 +0200


----- Original Message -----
From: "apif" <apif@sbcglobal.net>
To: <security-basics@securityfocus.com>
Sent: Thursday, 17 January, 2002 12:25 AM
Subject: seeking a better understanding

Hi apif,

[...]

| Now that you have the background, my question comes down to this. If port
| 80 is the only port allowed through, and someone chose to attack this port,
| could they compromise my system, and if so how? What other steps should I
| take to protect this system? I see IPTables (I guess it replaced IPchains)
| in slackware. I know this is a firewall, but I don't think it is like the
| personal firewall I have on MS boxes. I suspect it is more like a full corp
| class firewall, and probably as complicated. Should I be using this on my
| Slackware machine? Do you have any suggestions of what A/V software I should
| use on a linux machine, and do they spot trojans as the MS ones do? Thank you
| for your time. I'm sorry this was so long.
|

Yes, you can use iptables. It is a very performant netfilter (and yes,
it replaced ipchains) but you have to study a little. A very good place
to begin with is http://netfilter.samba.org where you have a
comprehensive tutorial about iptables. Then you can consider the Linux
Documentation Project.
iptables gives you a lot of flexibility, but it's not very complicated.

As an A/V software, I can tell you that here we use amavis
(www.amavis.org) with Sophos antivirus. (However, we only use it for mail
scanning. But it detects MS trojans, and not only those.)

Hope this helps.

Regards,
Andrei Pascal
Network Administrator
Frans Maas Romania srl
Phone +40 (0)1 230 8731
Fax +40 (0)1 230 8709

Linux registered user #221713

I haven't lost my mind -- it's backed up on tape somewhere.


