Re: Can I protect my RedHat 7.2 box from port scanning?

From: grindel (grindel1_at_yahoo.com)
Date: 06/06/03


Date: Thu, 05 Jun 2003 22:34:50 -0400

Kenneth A Kauffman wrote:

>
> "Massimo Ciscato" <massimo.ciscato@pandora.be> wrote in message
> news:pYNDa.39417$1u5.2846@afrodite.telenet-ops.be...
>> > Get a firewall.
>> ...
>> > Try to limit the stuff running on your machine.
>> ...
>>
>> I think that suggesting as first thing to get a firewall is wrong.
>> I'd rather say that first you should remove all the unnecessary services, so
>> that you close all the ports that you don't need.
>> Then keep up with the latest versions of the software for the services that
>> you need to run.
>> If necessary you can install a local firewall like iptables to further harden
>> your machine.
>> You should focus on the security of the machine and not rely on an external
>> firewall.
>>
>> Massimo
>
> Regards Massimo -
>
> I agree, the first measure should be to upgrade necessary services and
> shut down unnecessary services. You can see really quickly which ports are
> wide open with a netstat -a | grep LISTEN.
>
> However, a firewall should be used. Whether it is in the form of a simple
> broadband router with NAT or implementing rulesets on the box with
> IPTABLES. *Not* considering a firewall is a poor choice.
>
> That being said, implementing the first step will go a long way to keep
> intruders out - but the firewall should definitely be the second step of
> your security.
>
> ken k

I don't agree with the idea of needing a firewall. Your point has merits;
I'm not saying that firewalls aren't good security. However, for a home user
a firewall is an added headache. He can secure his system adequately by
closing any unneeded services, updating his software and, if he wants,
using iptables. The need simply doesn't justify the use of a hardware
solution.

Administrating his system well can be just as effective as a hardware
solution.

To answer your questions about nmap: you can filter the ports on your system
so that they look stateless to a scanner. (Stateless means that the ports
will not respond to the request and appear stealthed.) If all ports are
stealth the machine looks like a hole in the internet; it simply doesn't
exist if scanned. However, putting your computer into this condition is not
recommended and may cause unwanted side effects. The best thing to do is to
follow the advice of the others. Update all of your software including your
kernel. Most importantly your kernel. Close all services that you are not
using; if you don't have need for a webserver then shut it down, etc. Last,
set up a packet filtering firewall. After you have done all of this your
computer would be very secure and could be cracked only by the best of
hackers. If you feel this is not secure enough and you think the investment
is worth it then by all means get a hardware firewall. However, keep in mind
you are only increasing your security by a small measure after you have
accomplished the other steps. Even after installing and configuring a
hardware firewall you are not bullet proof. You can still be hacked.
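
The listening-port audit that the thread recommends as a first step (netstat -a | grep LISTEN), as an added example that is not part of any poster's message: it separates loopback-only listeners from those reachable over the network, which are the services to close or filter. The function names and the sample netstat output are constructed for illustration; it assumes the numeric listing produced by netstat -tln.

```shell
#!/bin/sh
# Constructed sample of `netstat -tln` output (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:80         0.0.0.0:*               LISTEN
tcp        0      0 :::631                  :::*                    LISTEN
tcp        0      0 ::1:6010                :::*                    LISTEN
EOF
}

# classify_listeners (hypothetical helper): reads netstat output on stdin and
# prints one line per listening socket: "<scope> <port> <bind address>".
classify_listeners() {
    awk '$NF == "LISTEN" {
        addr = $4
        n = match(addr, /:[0-9]+$/)      # the last colon separates host and port
        if (n == 0) next
        host = substr(addr, 1, n - 1)
        port = substr(addr, n + 1)
        if (host == "::1" || host ~ /^127\./)
            scope = "local"              # loopback only, not reachable remotely
        else if (host == "0.0.0.0" || host == "::" || host == "*")
            scope = "all-interfaces"     # bound to every address on the box
        else
            scope = "one-interface"      # bound to one specific address
        print scope, port, host
    }'
}

# exposed_ports (hypothetical helper): sorted list of ports a remote scanner
# could reach unless the service is stopped or a packet filter blocks it.
exposed_ports() {
    classify_listeners | awk '$1 != "local" { print $2 }' |
        sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}

# Demonstration on the constructed sample; on a live system pipe in
# `netstat -tln` instead of sample_netstat.
sample_netstat | classify_listeners
```
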

 


