Re: Can I protect my RedHat 7.2 box from port scanning?
From: Khayman (khayman_psp_at_yaho.se)
Date: 6 Jun 2003 08:27:30 +0200
grindel <firstname.lastname@example.org> wrote in
> I don't agree with the idea of needing a firewall. Your point has
> merits I'm not saying that firewalls aren't good security. However for
> a home user a firewall is an added headache. He can secure his system
> adequately with the by closing any unneeded services, updating his
> software and if he wants using iptables. The need simply doesn't
> justify the use of a hardware solution.
Ok, If I can jump back into the thread - the reason I recommended an
external firewall/router before going through services/updating/reading
at linuxsecurity.org/etc was that the user seemed quite inexperienced
with handling his RH.
In fact, I thought I was reading in a MS group at first...
The easiest way, IMHO, for a DSL user to setup a decent security is to
purchase an inexpensive router, and then, after that, try to learn all
the twists and turns of IPTables.
Sure, if he has the talent and time to learn it he can start with
disabling all the wierd stuff RH leaves running on his box and read
through the instructions for setting up Shorewall...
The question was "Can I protect my RedHat 7.2 box from port scanning?" -
and yes, sure, no sweat - he can with an external firewall/router.
Doing so he can leave all kinds of juicy RPC services running and no
iptable setup to protect them...
Sure, it's not advisable, but it's easy and he won't get cracked by
forgetting to upgrade this or that.