Re: seeking a better understanding

From: Enphourell Security
Date: 01/22/02

Date: Mon, 21 Jan 2002 19:53:10 -0500
From: Enphourell Security

If you're just a home user, doing your thing and cruising the net, you should be fine. If you are running servers/services or a company, your IP is more open to traffic and that's where you might want to implement a better firewall and hardening solution.

On Mon, 21 Jan 2002 08:20:48 -0800
Andrew Blevins wrote:

> Question #1 Emphatically yes, an intruder could do a lot more than just
> deface your site. Go to Google, and search for unicode vulnerability (if you
> run IIS). This is just one example.
> Question #2 I dunno, anyone else want to take this one?
> -----Original Message-----
> From: apif
> Sent: Saturday, January 19, 2002 2:26 AM
> To:
> Subject: RE: seeking a better understanding
> I received one response to my original post... so maybe I am not in the
> right conference / newsgroup. If this is so, please let me know. Otherwise,
> the two following questions would scoot me along to understanding what I
> need about basic security. Thanks.
> 1. Given port 80 (and only port 80) is open to the outside world, if someone
> were to breach that port, could they do more than deface my website?
> 2. Is a home router that does src port blocking, packet introspection, and
> NATing enough, or do I need a middle box running some form of firewall
> software too?
> -----Original Message-----
> From: apif
> Sent: Wednesday, January 16, 2002 2:25 PM
> To:
> Subject: seeking a better understanding
> All,
> Where to begin? I have a home network, and am considering putting in a web
> server. At this point I am considering the security of it. I suppose the
> best way to help you in helping me is to tell you a little about me, my
> network, and how I plan on using this.
> I'm from a technical background and support MS servers. I have very little
> experience in Linux, and only a little in security. Security mostly comes
> from another group in my company.
> My connection to the internet is DSL. I am planning to upgrade it to a
> premium connection so that I can have static IPs. A domain name and DNS
> registration will be a course of action further down the line.
> My home network consists of less than 5 boxes, each running varying O/S's.
> All MS O/S's are running personal firewalls. Other boxes are Linux.
> I have a Netgear R0318 router which is up to date on its firmware. It
> supports NATing, packet introspection, and blocks ports except where I
> specify they should be allowed through.
> So here is the run down. I'm weak on Linux, but that is what I want to put
> the web server on. It will run on Apache web software. All machines are
> behind the router, and all addresses are NAT'd. I would project out port 80
> for the Slackware Linux machine, and no others (except maybe FTP at some
> point unless you think this would not be wise). I currently do not have any
> A/V software on my Linux box (and to be honest, have no idea what sort of
> A/V to put on a Linux box).
> Now that you have the background, my question comes down to this. If port
> 80 is the only port allowed through, and someone chose to attack this port,
> could they compromise my system, and if so how? What other steps should I
> take to protect this system? I see IPTables (I guess it replaced IPchains)
> in Slackware. I know this is a firewall, but I don't think it is like the
> personal firewall I have on MS boxes. I suspect it is more like a full corp
> class firewall, and probably as complicated. Should I be using this on my
> Slackware machine? Do you have any suggestions of what A/V software I should
> use on a Linux machine, and do they spot trojans as the MS ones do? Thank you
> for your time. I'm sorry this was so long.