
Thread: Basic Security Wiki (I can't leave "good enough" alone...)

  1. #1
    Join Date
    Sep 2011
    Beans
    1,531

    Basic Security Wiki (I can't leave "good enough" alone...)

    Since Dangertux's server fell over and his helpful tutorials no longer have the screenshots available, I took it upon myself to copy his firewall tutorial into a wiki. It is located here:

    https://wiki.ubuntu.com/BasicSecurity/Firewall

    I haven't gotten around to adding the screenshots of GUFW yet but I plan to (unless someone else feels like it, in which case feel free!)

    I also added the missing photos into https://wiki.ubuntu.com/BasicSecurity/DidIJustGetOwned

    Enjoy

  2. #2
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: Basic Security Wiki (I can't leave "good enough" alone...)

    Awesome! Thanks for your continued work with this.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  3. #3
    Join Date
    Jul 2006
    Location
    Castrum, Germania Secunda
    Beans
    1,071

    Re: Basic Security Wiki (I can't leave "good enough" alone...)

    Why the need for those extra firewall rules? In my opinion the default set of rules is quite sensible and should suffice for 90 % of the users....

    So for most users, merely switching on ufw should be quite enough:
    Code:
    sudo ufw enable
    ...and that's all.
    Last edited by Pjotr123; December 25th, 2012 at 07:12 PM.

  4. #4
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Basic Security Wiki (I can't leave "good enough" alone...)

    Quote: Originally Posted by Pjotr123
    Why the need for those extra firewall rules? In my opinion the default set of rules is quite sensible and should suffice for 90 % of the users....

    So for most users, merely switching on ufw should be quite enough:
    Code:
    sudo ufw enable
    ...and that's all.
    I agree. But for those who wish to look deeper or those who want additional security the wiki page is a great asset.

    Keep in mind, this is posted in the security section not general help, so most people here are looking for a little extra.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  5. #5
    Join Date
    Jul 2006
    Location
    Castrum, Germania Secunda
    Beans
    1,071

    Re: Basic Security Wiki (I can't leave "good enough" alone...)

    Quote: Originally Posted by bodhi.zazen
    I agree. But for those who wish to look deeper or those who want additional security the wiki page is a great asset.

    Keep in mind, this is posted in the security section not general help, so most people here are looking for a little extra.
    OK... I understand, and that makes sense.

    But the main page of that wiki says this:
    This guide is intended for the typical, average home user that is in the process of learning how to use Ubuntu. So if you just surf the net, play games (on-line & off-line), do on-line banking, education...then you are the intended audience.
    Source: https://wiki.ubuntu.com/BasicSecurity/

    Maybe that text should be altered?

  6. #6
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Basic Security Wiki (I can't leave "good enough" alone...)

    I agreed with Pjotr123.

    After reading the article, my first impression is that this article will put you in trouble if you are not familiar with networking and TCP/IP.

    For example, if you are using GMail, you may be in trouble as it uses ports other than the ones the article stated.

    In my opinion, this kind of article is not recommended.

    Samiux

  7. #7
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: Basic Security Wiki (I can't leave "good enough" alone...)

    Quote: Originally Posted by samiux
    I agreed with Pjotr123.

    After reading the article, my first impression is that this article will put you in trouble if you are not familiar with networking and TCP/IP.

    For example, if you are using GMail, you may be in trouble as it uses ports other than the ones the article stated.

    In my opinion, this kind of article is not recommended.

    Samiux
    Gmail ports are listed at the end as not everyone uses gmail.

    It is a wiki; anyone can edit it if you feel it needs something.
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  8. #8
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Basic Security Wiki (I can't leave "good enough" alone...)

    After reading the article "DidIJustGetOwned", I am feeling that I am reading a joke.

    First of all, rkhunter and chkrootkit are useless as they will keep you very busy confirming false positives when your packages have just been updated.

    Clean (believed to be) logs cannot prove that nobody else has gained access to your system from the outside world. This is because almost all attackers use Tor or a proxy, and they will also spoof their IP addresses. In addition, they may also delete their footprints.

    No attacker will create an unauthorized connection. They will use an authorized connection instead. You cannot tell the difference between malicious and non-malicious.

    The last thing is: what does the attacker want to do after your system is compromised? Think about it!

    Samiux

  9. #9
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: Basic Security Wiki (I can't leave "good enough" alone...)

    Quote: Originally Posted by samiux
    After reading the article "DidIJustGetOwned", I am feeling that I am reading a joke.
    Congrats? It was written with the help of a few InfoSec people, namely Haqking and Dangertux.

    It is on the wiki for people to improve it if they want.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  10. #10
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: Basic Security Wiki (I can't leave "good enough" alone...)

    Quote: Originally Posted by samiux
    After reading the article "DidIJustGetOwned", I am feeling that I am reading a joke.

    First of all, rkhunter and chkrootkit are useless as they will keep you very busy confirming false positives when your packages have just been updated.

    Clean (believed to be) logs cannot prove that nobody else has gained access to your system from the outside world. This is because almost all attackers use Tor or a proxy, and they will also spoof their IP addresses. In addition, they may also delete their footprints.

    No attacker will create an unauthorized connection. They will use an authorized connection instead. You cannot tell the difference between malicious and non-malicious.

    The last thing is: what does the attacker want to do after your system is compromised? Think about it!

    Samiux

    I didn't actually contribute anything to the DidIJustGetOwned wiki.

    However from it:

    This section will cover the basics of log auditing so that you can begin to understand which log output is concerning and which is probably harmless.
    It is a basic summary to assist those entering a little deeper into securing their system giving an overall feel for what to look for.

    In reference to your post, not all attackers are skilled and not all attackers cover their tracks. In fact, it is all too often uneducated or unskilled attackers and skiddies who attack or try to attack systems and leave a wealth of information behind; this wiki covers the basics of what to look for.

    It is not meant as an in-depth covering-tracks wiki nor an in-depth log auditing or forensic wiki.

    Feel free to add to it where you think applicable, bearing in mind what I have just said, in keeping with not overcomplicating things or taking things to a Penetration Test or Security Audit level; it is not meant as an Offensive Security Course.
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013
