I would like to know how hard it would be to close all unnecessary ports. I would like to be able to manually open ports that I need. Please post any necessary ports to computer operation.
Easy - install ufw and run it once.
Cheers,
Herman
You don't need any open TCP ports for typical computer usage. To close unnecessary TCP ports, don't install servers.
By default, avahi-daemon listens on a UDP port. I don't think it's necessary, but I don't think it's a security risk, either.
Code:
sudo netstat -tulnp
If you think you might install servers by accident, use a firewall.
Code:
sudo apt-get install gufw
gksudo gufw
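To keep track of which ports are actually open, as the posts above describe, the following added example (not from any poster in this thread) parses `netstat -tulnp` output and reports listeners bound to non-loopback addresses that are not on an allowlist. The sample output is constructed, and the function names `classify_listeners` and `unexpected_listeners` are hypothetical.

```shell
#!/bin/sh
# Added example. sample_netstat holds CONSTRUCTED output in `netstat -tulnp` format.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1033/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      812/cupsd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           640/avahi-daemon: r
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
EOF
}

# classify_listeners (hypothetical helper): read netstat output on stdin and
# print "<scope> <proto> <port> <program>" for every listening socket.
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        # Port is the text after the last colon; IPv6 addresses contain colons too.
        port = $4; sub(/.*:/, "", port)
        host = $4; sub(/:[^:]*$/, "", host)
        # UDP rows have no State column, so the PID/Program field shifts left.
        prog = ($1 ~ /^tcp/) ? $7 : $6
        sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)
        if (prog == "" || prog == "-") prog = "unknown"
        # Loopback-only listeners are not reachable from the network.
        scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
        print scope, $1, port, prog
    }'
}

# unexpected_listeners ALLOW... (hypothetical helper): print exposed listeners
# whose proto/port is not in the allowlist, e.g. udp/68 for the DHCP client.
unexpected_listeners() {
    allow=" $* "
    classify_listeners | while read -r scope proto port prog; do
        [ "$scope" = "exposed" ] || continue
        case "$allow" in
            *" ${proto%6}/$port "*) ;;   # a port you opened on purpose
            *) echo "$proto/$port $prog" ;;
        esac
    done
}

# On a live system: sudo netstat -tulnp | unexpected_listeners udp/68
sample_netstat | unexpected_listeners udp/68
```

A listener reported here is bound to a non-loopback address; whether it is reachable from outside still depends on the firewall and router in front of it.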
Well, Linux is not Windows. With a default installation there are no open ports.
You "open" a port by installing a server (FTP, HTTP, SSH, etc).
In terms of "closing" ports, do you use a router? If so, your ports are not accessible unless you forward them.
If you wish to restrict access you will need to configure your firewall (iptables). There are many applications to do this, UFW is installed by default.
https://help.ubuntu.com/community/Un...d_Firewall_ufw
Code:
sudo ufw default deny
sudo ufw enable
See also
Ubuntu Security - Ubuntu Forums
There are two mistakes one can make along the road to truth...not going all the way, and not starting.
--Prince Gautama Siddharta
#ubuntuforums web interface
Thanks for all the posts.
Does anybody know of any good distros that come almost completely bare? Something that doesn't have anything on it that would require a port to be open. I mean obviously they would need to be opened at some point but I would like to install only specific things that use specific ports that I can keep track of.
I know this seems weird but a friend of mine thinks he is a really good hacker of some sort and says no matter what I do he will be able to get in. He does consulting for corporations. So I figure the less I have on my computer for him to exploit the better.
The agreement is that I need to have an IM, Email, Browser, Ftp, Telnet clients installed. But there was no agreement for me to close all other ports but those and then carefully monitor those ports.
Any good firewalls, anti-spyware, and anti-virus would help as well and anything else anyone can think of.
I use a cable modem connected directly to my NIC. I don't have a static IP or anything along those lines either.
Thanks for any help.
Any Linux distro will do
If you want to make his life difficult, install Fedora and enable SELinux.
The weak links in your listing are ftp and telnet. Telnet especially is almost like asking you to leave the keys in the ignition.
Tell your friend no on telnet, but that you are willing to install ssh. Then look here to secure it:
https://help.ubuntu.com/community/AdvancedOpenSSH
If you need an FTP server, at least go with a more secure one such as proftp or vsftp (or better, scp over your ssh server).
Your friend does not sound like a leet h3xor; s/he is asking you to open up your system and that is different than breaking in. You should not install any server or application you do not use. If you use telnet, convert to ssh. If you use ftp, convert to a more secure ftp server or scp.
I am a leet car thief. Please leave the keys in the Porsche, write your PIN on your bank card, and leave the doors open and I will show you how leet I really am
Last edited by bodhi.zazen; January 7th, 2009 at 03:06 AM.
Lol, I found that funny. Also what about ftps? I'm not good with this stuff, but I think I've seen that pop up before. Something like how https is to http.
I told him no telnet and ftp. He said that those were more of an inside joke kind of thing and that they were not necessary. To tell you the truth this guy is not much of a friend, and seems to get cockier every time we speak. I really want to stick it to this guy and keep him out of my com. Someone please help me shut this guy up step by step. This is also a learning exp. for me so tutorials would be nice. I have officially moved from linux noob to script kiddy in the last year so I am comfortable with CLI.
Well, you are giving me the impression your "friend" is more bark than bite.
Although almost any Linux distro will do, if I were you I would install Fedora and use SELinux. Then install snort and ossec. Finally ban his IP address (with iptables) if he does anything "funny" (watch snort and your logs).
Do not install any services or applications you do not use. Start with a minimal installation and build up. If you do not use an FTP server, for example, do not install one. If you do, look at how to secure it. Same with http, ssh, samba, nfs, etc ...
Get a router and do not forward ports.
It is installing server applications that opens ports.
Security is a process not an absolute. The only secure computer is one that is powered down, disconnected from the internet, and locked away in a vault.
With that said, the only real protection you have is education and monitoring of your system. There is no turnkey security solution and although Linux is more secure than Windows it is not a replacement for your own education.
Start with the security stickies at the top of this page.
You recommend snort, but what if he has wireless? Wouldn't he need a wireless version? I also believe AirSnort is way out of date and they recommend you use aircrack-ng or something.