dsl security requirements
Forum: Networking
Topic: dsl security requirements
started by: lovdsl
Posted by lovdsl on April 16 2006,03:23
I have become rather used to my dsl desktop and seem to use it now more often for surfing and checking the mail. I often forget I am using linux as I also used opera on windows. I am curious about security and if I need to add anything to feel comfortable. I noticed that there is an ip tables and rc firewall for ip tables in the repository..do I need to add these for dial up security? it only said iptables for dsl security in the info and the rc firewall seems to be an addition to it, perhaps a gui? I have never used a firewall or configured one. this is a stand alone hd install. I guess the question is what will a fire wall do for me and do I need both ip tables and rcfirewall to add this to dsl.. what would I fear? well someone reading my mail or monitoring my surfing without my knowing or stealing my ip address and using it I guess..not that it really matters but would be nice to know about.. any comforting tidbits would be appreciated..thanks
Posted by green on April 16 2006,15:57
The odds are in your favor for not falling into trouble on the net. However, that is not to say that you are immune. I have used DSL many times, unprotected, straight to the net. The best case scenario I can think of is to lay your paws on some old hardware: 200Mhz CPU, 64 to 128 MB RAM, 1 to 2 Gb HDD, 2 or 3 NIC cards. In my area, that'll run you from $0 to maybe $50 at the highest. Then go to < http://www.SmoothWall.org > and grab SmoothWall Express 2.0, it's free and comes as a bootable .iso. It installs easy. I have used a SmoothWall for a couple or three years now and have not had any issues that I am aware of. I use DSL without any kind of iptables, rcfirewall, condom, etc. and all seems well. The SmoothWall will protect you. When I used to have winblows in my house, I didn't have any issues with virus/hacking while at home, but I did sitting behind a Cisco PIX at work. Go figure.
Posted by roberts on April 16 2006,16:04
You may find this thread interesting on < open ports >
Posted by lovdsl on April 17 2006,00:21
Thanks green..smooth looks well...smooth...I may play with that at a later date just to learn something so kept the link..do not have a machine to play with that at the moment..but a good choice for me being what some may call a lame noob..haha
Thanks roberts for the interesting post, I did not see it..I honestly do not buy into fearwear so use old machines as protection since they cost nothing to replace, regarding virus etc..but have wondered how stupid I really am...and every one talks about firewalls and anti this and that..so I am curious truly.. This machine is a stand alone with no multi users and has to my knowledge two ports..one for the mouse and one for the modem..but I know nothing about porting really.. .How would I boot with nodhcp and would I open a terminal after connection and type sudo pkill pump...what does that do? and do I open a terminal and type sudo netstat-tul.. if this is too lame ignore me....what is the worst that could happen...someone taps into the fact I have a dentist appointment on tuesday..I really just want to learn more about dsl because I like it..blablabla sorry..
adding...forgot to add a space..got this
dsl@box:~$ netstat -tul
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:dict                  *:*                     LISTEN
dsl@box:~$
only need the localhost for dict but could not find the file to remove *.* listen for the dictd.org online server..not a dsl...as you mention in the other post not sure it is an issue but thanks for the view.. this is while online
Posted by green on April 17 2006,03:45
lovdsl, I'm not really too clear on what you are getting at. However, some basic commands that came to mind while reading your post are below.
To boot without dhcp, at the boot prompt type:
dsl nodhcp
You can also add it to the grub boot list if needed. If you do that, you'll need to manually give your machine an ip address.
You can use:
netstat -a
to list all your open ports and current connections to the outside world. You can also get the nmap extension from the repository in the network section and scan yourself (127.0.0.1) or others too.
Posted by lovdsl on April 17 2006,13:26
Green...thanks..I have learned a new command..netstat -ip..via play with netstat -tul and netstat -a and reading the posts..for what that's worth to my limited understanding..you are not clear as I am not being clear..sorry..this is not likely the place for such stupid questions. having little understanding of how an os makes me vulnerable and dsl having been a gift and a free os I became curious about it and decided I wanted to learn more...I guess I started here but need more knowledge to ask a valid question in a forum.. what would regard dsl currently.. is if I am unaware of any required setup details regarding my particular choice of use..I think it is likely designed to be as safe as possible but due to great flexibility offered in dsl, thought that maybe I had to turn off the dhcp or something if I used dial up..to insure correct porting..and that additional programs may add to vulnerability by listening when connections were made...In this case I thought dict was always listening...and may be stopped since I really never use the online part of dict ...ya I know.. WHAT AM I TALKING ABOUT..sorry.. THANKS FOR RESPONDING
Posted by green on April 17 2006,14:12
lovdsl, I like your enthusiasm for DSL and wanting to learn about it. Keep it up!
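
As an added example (not part of any post in this thread): a small shell filter that reads `netstat -tul` output like the listing posted above and reports which services are bound to every interface rather than to localhost only. The function names and all sample rows except the `*:dict` line are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listeners in `netstat -tul` output by bind address.
# exposed_listeners and sample_output are hypothetical helper names.

# Reads netstat -tul text on stdin; prints "proto service" for each socket
# bound to every interface (*, 0.0.0.0, ::), i.e. reachable from the network.
exposed_listeners() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            local_addr = $4
            # TCP rows carry a State column; keep only LISTEN. UDP has no state.
            if ($1 ~ /^tcp/ && $NF != "LISTEN") next
            # Split "address:service" at the last colon (IPv6 has several).
            n = split(local_addr, parts, ":")
            service = parts[n]
            addr = substr(local_addr, 1, length(local_addr) - length(service) - 1)
            if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                print $1, service
        }
    '
}

# Constructed sample: the first data row is the one posted in the thread,
# the other two are made up to show a loopback-only and a UDP socket.
sample_output() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:dict                  *:*                     LISTEN
tcp        0      0 localhost:ipp           *:*                     LISTEN
udp        0      0 *:bootpc                *:*
EOF
}

sample_output | exposed_listeners
```

On a live system the same filter can be fed directly with `netstat -tul | exposed_listeners`; a service that shows up here and is only needed locally is a candidate for rebinding to localhost or stopping.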