Re: how to prevent hackers intrusion

From: norm (norm@sunperf.com)
Date: 11/14/02


From: norm@sunperf.com (norm)
Date: 13 Nov 2002 22:33:58 -0800


"Dejan" <dejan.tomazic@club.win-ini.si> wrote in message news:<GPAz9.364$tQ1.44618@news.siol.net>...
> Hi,
> I'm using DSL router D-Link DI804 and I'm concerned about if hackers can
> avoid my router with integrated FW and how to prevent attacks like that.
> Should I use another FW on each Linux box? What should last longer? I really
> don't have any top secret data on my network but I'm not interested in sharing
> my equipment with all those script-kiddies and hackers just to use my comp.
> to attack another.
>
> Thank you for helping

Most of these devices have an HTTP-based configuration.
Hence they have some sort of web server running. They also
often support SNMP, telnet, syslog and a variety of other
useful protocols which have security implications.

You should be able to specify that these services can only
be accessed from the LAN side (internal) rather than the
Internet side (ppp/cable). I would disable these services,
except the one you use to configure it. I have the telnet
service enabled, but only accessible from the LAN side. I
would spend some time investigating the options of your
router. By default it is probably wide open. (I have a
different brand router, but most have the same features.)

There is little harm in hardening your Linux boxes
so that they will only talk to each other or specific
services externally as an added precaution. It should
not be absolutely necessary, but hey, snake-proof boots
are only useful when you encounter snakes. Otherwise
they seem pointless.

There are a lot of applications on Linux which are
questionable from a security point of view, so hardening
each box individually is always a good idea.

I will concede, with a properly configured border router,
that the internal boxes should be fairly safe. Nonetheless
what is the proper configuration? The only way to check
your configuration is to have an IDS box and filters
logging suspect traffic for each host as a check for your
FW router.

Some good books are

Building Internet Firewalls, Zwicky, Cooper, Chapman.
O'Reilly

Linux Firewalls, Ziegler, New Riders

---------------------------------------------------------
And in that day will I make Jerusalem a burdensome stone
for all people: all that burden themselves with it shall
be cut in pieces, though all the people of the earth be
gathered together against it. Zechariah 12:3
http://www.sunperf.com - Performance Monitoring Tools
http://www.justhacked.org - UNIX Security
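
Added example, not part of norm's post: one way to do the per-host check the reply describes, by scanning netfilter `LOG` lines collected on the internal Linux boxes for packets that arrived from outside the LAN, which means the border router let them through. The LAN range `192.168.0.0/24`, the `FWCHK` log prefix and the sample lines are constructed assumptions, and the lines are assumed to come from a rule that logs only new inbound connections, so replies to outbound traffic do not appear.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: address range of the LAN behind the router.
LAN = ipaddress.ip_network("192.168.0.0/24")
# Services named in the post that should never be reachable from the Internet side.
MGMT_PORTS = {23: "telnet", 80: "http", 161: "snmp", 514: "syslog"}

# key=value fields of a netfilter LOG line that matter for this check.
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample lines in netfilter LOG format (not real traffic).
SAMPLE_LOG = """\
Nov 13 22:10:01 box1 kernel: FWCHK IN=eth0 OUT= SRC=192.168.0.11 DST=192.168.0.10 LEN=60 TTL=64 PROTO=TCP SPT=1045 DPT=22 SYN
Nov 13 22:10:07 box1 kernel: FWCHK IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.0.10 LEN=60 TTL=52 PROTO=TCP SPT=4242 DPT=23 SYN
Nov 13 22:10:09 box1 sshd[411]: Accepted password for norm from 192.168.0.11
Nov 13 22:11:30 box2 kernel: FWCHK IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.0.12 LEN=78 TTL=49 PROTO=UDP SPT=3001 DPT=161
Nov 13 22:12:02 box1 kernel: FWCHK IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.0.10 LEN=60 TTL=52 PROTO=TCP SPT=4243 DPT=6000 SYN
"""


def leaked_packets(log_text, lan=LAN):
    """Map each LAN host to the packets it received from outside the LAN.

    Each packet is (source, protocol, destination port, service label).
    Any entry means the router forwarded Internet-side traffic inward.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
            # ICMP lines carry no DPT; report them with port None.
            port = int(fields["DPT"]) if "DPT" in fields else None
        except (KeyError, ValueError):
            continue  # not a LOG line, or a malformed one
        if dst in lan and src not in lan:
            label = MGMT_PORTS.get(port, "other")
            hits[str(dst)].append((str(src), fields.get("PROTO", "?"), port, label))
    return dict(hits)


if __name__ == "__main__":
    for host, packets in leaked_packets(SAMPLE_LOG).items():
        for src, proto, port, label in packets:
            print(f"{host}: {proto}/{port} ({label}) from {src}")
```

An empty result over a long enough logging period is what a correctly configured border router should produce; any `telnet`, `http`, `snmp` or `syslog` entry points at a service the router exposes or forwards to the Internet side.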


