Re: Can I protect my RedHat 7.2 box from port scanning?

From: Khayman (khayman_psp_at_yaho.se)
Date: 06/06/03


Date: 6 Jun 2003 08:27:30 +0200

grindel <grindel1@yahoo.com> wrote in
news:H1UDa.1425$Ft4.89363@news.uswest.net:

> I don't agree with the idea of needing a firewall. Your point has
> merits; I'm not saying that firewalls aren't good security. However, for
> a home user a firewall is an added headache. He can secure his system
> adequately by closing any unneeded services, updating his
> software and, if he wants, using iptables. The need simply doesn't
> justify the use of a hardware solution.
>

OK, if I can jump back into the thread - the reason I recommended an
external firewall/router before going through services/updating/reading
at linuxsecurity.org/etc was that the user seemed quite inexperienced
with handling his RH.

In fact, I thought I was reading in a MS group at first...

The easiest way, IMHO, for a DSL user to set up decent security is to
purchase an inexpensive router, and then, after that, try to learn all
the twists and turns of IPTables.
Sure, if he has the talent and time to learn it he can start with
disabling all the weird stuff RH leaves running on his box and read
through the instructions for setting up Shorewall...

The question was "Can I protect my RedHat 7.2 box from port scanning?" -
and yes, sure, no sweat - he can with an external firewall/router.
Doing so he can leave all kinds of juicy RPC services running and no
iptable setup to protect them...
Sure, it's not advisable, but it's easy and he won't get cracked by
forgetting to upgrade this or that.

Khay.


