
Thread: Best security config/flavor?

  1. #11
    Join Date
    Jun 2012
    Beans
    310

    Re: Best security config/flavor?

    Quote Originally Posted by ant2ne View Post
    I disagree. Someone, even without root, could open a port running "service" in user space and allow more stuff in. If you close all incoming ports except those you want open then you are far more assured that there aren't any listeners.
    I've never understood the "no need for a firewall" statement: come to that, I may still be misunderstanding it, but assuming that a typical desktop computer will have at least one web browser installed, and seeing how many unwanted and unnecessary connections from a number of servers around the world target every computer connected to the net, how would anyone not want to set at (very) least the base policy of allow outgoing/deny incoming?

  2. #12
    Join Date
    Mar 2007
    Beans
    790

    Re: Best security config/flavor?

    The linux kernel disables/drops all incoming connections unless there is a server listening on that port. So that is the 'reason' for not having a firewall. And for most instances, that is a very good 'reason'. The only threat you might have is if someone installs or adds a "service" or runs an application that would be listening for a connection.

    Suppose I, NOT as root, accidentally install a service, or malware that runs as a user and that then wants to phone home. If my firewall is configured properly it WILL prevent that phone call.

    Suppose I, as root accidentally install a service, or malware that then wants to phone home. If my firewall is configured properly it should help prevent that phone call. The problem is most malware installed as root will root you anyway so it can easily modify the firewall too.
    Last edited by ant2ne; March 27th, 2014 at 09:10 PM.
    Registered Linux User: 450747 Registered Ubuntu User: 16269

  3. #13
    Join Date
    Sep 2007
    Location
    Oklahoma, USA
    Beans
    2,357
    Distro
    Xubuntu 16.04 Xenial Xerus

    Re: Best security config/flavor?

    Quote Originally Posted by ant2ne View Post
    The linux kernel disables/drops all incoming connections unless there is a server listening on that port. So that is the 'reason' for not having a firewall. And for most instances, that is a very good 'reason'. The only threat you might have is if someone installs or adds a "service" or runs an application that would be listening for a connection.

    Suppose I, NOT as root, accidentally install a service, or malware that runs as a user and that then wants to phone home. If my firewall is configured properly it WILL prevent that phone call.

    Suppose I, as root accidentally install a service, or malware that then wants to phone home. If my firewall is configured properly it should help prevent that phone call. The problem is most malware installed as root will root you anyway so it can easily modify the firewall too.
    Very good points, and on the basis of your "phone home" scenario I herewith retract my earlier advice. While having a firewall monitoring inbound packets is necessary only if you have something listening on a port, which implies installation of a server of some sort whether deliberately or accidentally, having one monitoring outbound packets is an essential part of security if one makes any use at all of the internet. I should have remembered that the one and only time I ever got a true virus infection (in the days before I came to Linux) was detected only by my outgoing firewall!
    --
    Jim Kyle in Oklahoma, USA
    Linux Counter #259718
    Howto mark thread: https://wiki.ubuntu.com/UnansweredPo.../SolvedThreads

  4. #14
    Join Date
    Jun 2012
    Beans
    310

    Re: Best security config/flavor?

    Quote Originally Posted by ant2ne View Post
    The linux kernel disables/drops all incoming connections unless there is a server listening on that port. So that is the 'reason' for not having a firewall. And for most instances, that is a very good 'reason'. The only threat you might have is if someone installs or adds a "service" or runs an application that would be listening for a connection.
    So, please excuse me if this sounds really naive, we can assume that as long as there are no servers/services listening, and there's only a web browser/mail client installed, having a firewall with only the basic allow outgoing/deny incoming policy is actually the same as having no firewall at all?
    Because, as you've explained above, the linux kernel will by default disable/drop anyways all incoming connections unless there is a server listening on that port.

    If so, a firewall will make sense only when writing more specific rules, or as a tool to monitor outbound packets, although the latter could probably be better achieved with other network tools?

  5. #15
    Join Date
    Nov 2008
    Location
    S.H.I.E.L.D. 6-1-6
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Best security config/flavor?

    Quote Originally Posted by cogset View Post
    So, please excuse me if this sounds really naive, we can assume that as long as there are no servers/services listening, and there's only a web browser/mail client installed, having a firewall with only the basic allow outgoing/deny incoming policy is actually the same as having no firewall at all?
    Because, as you've explained above, the linux kernel will by default disable/drop anyways all incoming connections unless there is a server listening on that port.

    If so, a firewall will make sense only when writing more specific rules, or as a tool to monitor outbound packets, although the latter could probably be better achieved with other network tools?
    Few things to note

    a) Linux Kernel will drop connections to ports that are not open
    b) When you have a service that listens on a port (such as apache2), the port will then be open and accept connections. You can view ports in which a service is listening by running
    Code:
    lsof -i
    or
    Code:
    netstat -tnulp
    c) Some people (like me) add additional rules to increase security. For example, if someone hacked into my server, and started attempting to spam others, I have outgoing port 25 blocked (which prevents them from sending mail)
    Last edited by sandyd; April 2nd, 2014 at 02:11 AM.
    Don't waste your energy trying to change opinions ... Do your thing, and don't care if they like it.
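
Added example, not part of sandyd's post: a check built on the `netstat -tnulp` output mentioned above that reports listeners reachable from the network and missing from an allowlist, which is how a user-space listener of the kind ant2ne describes would show up. The function names, the allowlist format and the sample table are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report network-reachable listeners that are not on an allowlist.
# Feed it `netstat -tnulp` output (run as root so PID/Program is filled in).

audit_listeners() {
    # $1 = space-separated allowlist of proto/port pairs, e.g. "tcp/22 udp/68"
    awk -v allow="$1" '
    BEGIN { n = split(allow, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
        proto = $1; sub(/6$/, "", proto)
        # TCP rows have a State column; UDP rows leave it empty.
        if (proto == "tcp") { if ($6 != "LISTEN") next; prog = $7 } else prog = $6
        k = split($4, a, ":"); port = a[k]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback-only listener
        sub(/^[0-9]+\//, "", prog)                   # "1999/python3" -> "python3"
        key = proto "/" port
        if (!(key in ok)) print "UNEXPECTED " key " " addr " " prog
    }'
}

# Constructed sample input, not captured from a real host.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      701/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      1450/apache2
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      1999/python3
udp        0      0 127.0.1.1:53            0.0.0.0:*                           640/dnsmasq
udp        0      0 0.0.0.0:68              0.0.0.0:*                           655/dhclient
EOF
}

sample_netstat | audit_listeners "tcp/22 udp/68"
```

On a live system, pipe `sudo netstat -tnulp` into `audit_listeners` instead of the sample.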

  6. #16
    Join Date
    Sep 2007
    Location
    Oklahoma, USA
    Beans
    2,357
    Distro
    Xubuntu 16.04 Xenial Xerus

    Re: Best security config/flavor?

    Quote Originally Posted by cogset View Post
    If so, a firewall will make sense only when writing more specific rules, or as a tool to monitor outbound packets, although the latter could probably be better achieved with other network tools?
    I'm not at all sure that any "better" network tool than iptables exists. You are correct, though, that a properly configured rule set for the OUTPUT chain (that allows origination of http and https requests, and possibly a few more) to monitor and police outbound requests can definitely help should a hidden driveby attack (which are becoming more common) install something which then tries to call home.
    --
    Jim Kyle in Oklahoma, USA
    Linux Counter #259718
    Howto mark thread: https://wiki.ubuntu.com/UnansweredPo.../SolvedThreads
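
Added example, not part of Jim Kyle's post: a default-deny OUTPUT rule set of the kind described above, emitted in `iptables-restore` format, with denied packets logged so that a "phone home" attempt is visible. The function name, port lists, log prefix and rate limit are assumptions; the rules cover IPv4 only, and ip6tables needs its own rule set.

```shell
#!/bin/sh
# Added example: emit a default-deny egress policy in iptables-restore format.
# Port lists and the log prefix are assumptions for a browsing desktop.

egress_ruleset() {
    # $1 = comma-separated TCP destination ports the host may originate
    # $2 = comma-separated UDP destination ports (DNS, NTP, ...)
    for list in "$1" "$2"; do
        # Accept digits and commas only, so no extra rule text can be smuggled in.
        case $list in
            ''|*[!0-9,]*) echo "bad port list: $list" >&2; return 1 ;;
        esac
    done
    tcp_ports=$1
    udp_ports=$2
    # Anything not accepted below hits the LOG rule, then the DROP policy.
    # tcp/25 is absent from the allowed list, so outbound SMTP is dropped.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp -m multiport --dports $udp_ports -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports $tcp_ports -j ACCEPT
-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "egress-denied: " --log-uid
COMMIT
EOF
}

egress_ruleset "80,443" "53,123"
```

Pipe the output through `iptables-restore --test` as root to validate it before loading; `--log-uid` records the UID of the local process that generated each denied packet.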

  7. #17
    Join Date
    Nov 2009
    Beans
    3,224

    Re: Best security config/flavor?

    A question ......... that I think I need to know ...........

    Does using "etherape" open up a security risk .......

    ( I ask this because when I have run it in the past it scares the **** out of me as to how many connections there are )

    Netstat -a seems to show who is listening and what might be a risk ....... but again without fully understanding how packets are being sent
    back and forth - how can we really tell which are more dangerous to have connected ...... like there are ones for geoip now ..... that were not
    originally there ....... on Ubuntu ......

    Not my field at all security - but when I have looked at it in more detail - all it does is cause more confusions than clear answers.

    As said .... the best and most secure is the computer that stays offline ..... having more than one computer for doing things seems to be the
    normal thing nowadays to keep any sense of privacy and security.

    Containers ...... Miro - seems good as you download once into a area and then watch the video - but it still needs the initial connection and download
    over the net ..... so I guess the vulnerable time is in that time frame - then you need to disconnect afterwards not leaving it open - even shut it down and
    go into the folder - run some other program to watch the video ..... rather than streaming .......

    Also keep an eye on htop for any unusual activity going on ..... or keep the main processes popping up on a conky screen where you can monitor things.
    Last edited by 23dornot23d; April 3rd, 2014 at 08:32 PM.

  8. #18
    Join Date
    Sep 2007
    Location
    Oklahoma, USA
    Beans
    2,357
    Distro
    Xubuntu 16.04 Xenial Xerus

    Re: Best security config/flavor?

    Like wireshark, etherape is a sniffer and can show you everything that's hitting your system -- and also, whether your system responds to it.

    Running either is not a security risk; they simply make you aware of just how great the risk at any moment actually is. Only if your system responds to this huge number of connection requests and lets any undesired ones in, is there a risk. And then, it's your system configuration at fault, not the program that lets you know about it.
    --
    Jim Kyle in Oklahoma, USA
    Linux Counter #259718
    Howto mark thread: https://wiki.ubuntu.com/UnansweredPo.../SolvedThreads

  9. #19
    Join Date
    Nov 2009
    Beans
    3,224

    Re: Best security config/flavor?

    Cheers for the reply ....

    I might use etherape a little more now just to scan around ..... but seen some very odd names popping up on it ......

    __________________________________________________ __________________

    It's like being inside a fort and all the attackers are around the walls ..... sometimes better to just stay inside the fort

    and not look out over the walls - I guess

  10. #20
    Join Date
    Sep 2007
    Location
    Oklahoma, USA
    Beans
    2,357
    Distro
    Xubuntu 16.04 Xenial Xerus

    Re: Best security config/flavor?

    Quote Originally Posted by 23dornot23d View Post
    It's like being inside a fort and all the attackers are around the walls ..... sometimes better to just stay inside the fort

    and not look out over the walls - I guess
    Seems to work pretty well for the ostrich -- until a hunter comes along while the bird's head is still in the sand.

    Awareness is good. So is caution. Fear and avoidance, not so much so...
    --
    Jim Kyle in Oklahoma, USA
    Linux Counter #259718
    Howto mark thread: https://wiki.ubuntu.com/UnansweredPo.../SolvedThreads
