External

Since: Jun 23, 2003 Posts: 1
(Msg. 1) Posted: Sun Jun 22, 2003 9:51 pm
Post subject: securing single debian box against internet attacks
Archived from groups: comp>os>linux>security
I am on broadband and I wish to secure my debian box before putting it
on the internet. I have a LinkSys G54 broadband router and 'firewall'
but as a firewall it is limited (spoofed tcp ACK packets get by, etc.)
Hence, I need to protect my desktop debian box against attacks. It's
used just a simple desktop machine, it doesn't need to route or bridge
or any of that. What is the easiest way to harden it against network
attacks? I've read the firewall HOW-TO etc. but I was wondering if
there is a more convenient way than having to recompile the kernel?
For instance, is there a debian package that would aid me?
thanks
External

Since: Jun 23, 2003 Posts: 1
(Msg. 2) Posted: Mon Jun 23, 2003 10:44 am
Post subject: Re: securing single debian box against internet attacks
User wrote:
> I am on broadband and I wish to secure my debian box before putting it
> on the internet. I have a LinkSys G54 broadband router and 'firewall'
> but as a firewall it is limited (spoofed tcp ACK packets get by, etc.)
> Hence, I need to protect my desktop debian box against attacks. It's
> used just a simple desktop machine, it doesn't need to route or bridge
> or any of that. What is the easiest way to harden it against network
> attacks? I've read the firewall HOW-TO etc. but I was wondering if
> there is a more convenient way than having to recompile the kernel?
> For instance, is there a debian package that would aid me?
>
> thanks
Mostly... just disable unneeded services... and make sure the needed
ones are configured properly... I've never enabled a firewall solution
on my home networks... and I've never really been attacked either...
Good Luck,
Bob
External

Since: Jul 26, 2003 Posts: 5
(Msg. 3) Posted: Mon Jun 23, 2003 3:43 pm
Post subject: Re: securing single debian box against internet attacks
User wrote:
> I am on broadband and I wish to secure my debian box before putting it
> on the internet. I have a LinkSys G54 broadband router and 'firewall'
> but as a firewall it is limited (spoofed tcp ACK packets get by, etc.)
> Hence, I need to protect my desktop debian box against attacks. It's
> used just a simple desktop machine, it doesn't need to route or bridge
> or any of that. What is the easiest way to harden it against network
> attacks? I've read the firewall HOW-TO etc. but I was wondering if
> there is a more convenient way than having to recompile the kernel?
> For instance, is there a debian package that would aid me?
>
> thanks
As Ryan/Bob said, disable services you don't need and set up some
(basic) iptables rules. You also might find the `Securing Debian Manual`
interesting:
<http://www.debian.org/doc/manuals/securing-debian-howto/>
Regards, Jan
--
Dutch Security Information Network
http://www.dsinet.org/
External

Since: Jun 24, 2003 Posts: 1
(Msg. 4) Posted: Tue Jun 24, 2003 9:41 am
Post subject: Re: securing single debian box against internet attacks
User wrote:
> I am on broadband and I wish to secure my debian box before putting it
> on the internet. I have a LinkSys G54 broadband router and 'firewall'
> but as a firewall it is limited (spoofed tcp ACK packets get by, etc.)
> Hence, I need to protect my desktop debian box against attacks. It's
> used just a simple desktop machine, it doesn't need to route or bridge
> or any of that. What is the easiest way to harden it against network
> attacks? I've read the firewall HOW-TO etc. but I was wondering if
> there is a more convenient way than having to recompile the kernel?
> For instance, is there a debian package that would aid me?
>
> thanks
Think of security as layers of protection - when one breaks down, there's
another one behind it.

Therefore, I recommend that you install iptables. It is quite easy and
once it's there you don't have to worry about it. Also, you can look at
the logs and see whether anyone _is_ actually trying to play games with
you.

The firewall will also help protect you in case there are holes in other
components - vulnerabilities in the router (quite common) or
vulnerabilities in the services you enable (e.g. in X, ssh, etc.).

To set it up, you can get a GUI frontend (there are a few, google for
them), or do it manually (explained in the HOWTO, especially the Packet
Filtering HOWTO).

The debian hardening HOWTO has lots of information - you can find it in
the harden-doc.deb package.

You can also check out bastille, which is packaged for debian.

Cheers,
Gad
External

Since: Jul 14, 2003 Posts: 33
(Msg. 5) Posted: Sun Jun 29, 2003 5:02 am
Post subject: Re: securing single debian box against internet attacks
If you have a 2.4 kernel then it is simple to block stuff and allow external
access by the internal machines. Here is my firewall-setup script (I hate
using the built-in stuff; I use SuSE Linux), but as I also run servers I
haven't dropped all packets, and the first line that is hashed out, when
unhashed, will stop the box even responding to ping requests.
Hope this helps
Mike.

# start the ip forwarding
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
# setup masquerading
iptables -F
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# iptables -A INPUT -p ICMP -i eth1 -j DROP
iptables -A PREROUTING -t nat -p udp -d 212.19.66.163 --dport 1412 -j DN
iptables -A PREROUTING -t nat -p tcp -d 212.19.66.163 --dport 1412 -j DN
iptables -A INPUT -p tcp -d 212.19.66.163 -i eth1 --dport 37 -j DROP
iptables -A INPUT -p tcp -d 212.19.66.163 -i eth1 --dport 113 -j DROP
iptables -A INPUT -p tcp -d 212.19.66.163 -i eth1 --dport 79 -j DROP
iptables -A INPUT -p tcp -d 212.19.66.163 -i eth1 --dport 111 -j DROP
iptables -A INPUT -p tcp -d 212.19.66.163 -i eth1 --dport 135 -j DROP
iptables -A INPUT -p tcp -d 212.19.66.163 -i eth1 --dport 139 -j DROP
iptables -A INPUT -p tcp -d 212.19.66.163 -i eth1 --dport 143 -j DROP
# iptables -A INPUT -p tcp -d 212.19.66.163 -i eth1 --dport 443 -j DROP
iptables -A INPUT -p tcp -d 212.19.66.163 -i eth1 --dport 445 -j DROP
iptables -A INPUT -p tcp -d 212.19.66.163 -i eth1 --dport 515 -j DROP
iptables -A INPUT -p tcp -d 212.19.66.163 -i eth1 --dport 5000 -j DROP

"User" <qw RemoveThis @spamhole.com> wrote in message
news:73c5dd76.0306230151.32f54ee2@posting.google.com...
> I am on broadband and I wish to secure my debian box before putting it
> on the internet. I have a LinkSys G54 broadband router and 'firewall'
> but as a firewall it is limited (spoofed tcp ACK packets get by, etc.)
> Hence, I need to protect my desktop debian box against attacks. It's
> used just a simple desktop machine, it doesn't need to route or bridge
> or any of that. What is the easiest way to harden it against network
> attacks? I've read the firewall HOW-TO etc. but I was wondering if
> there is a more convenient way than having to recompile the kernel?
> For instance, is there a debian package that would aid me?
>
> thanks
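
For the single desktop in the original question (no routing, no services offered to the outside), the "basic iptables rules" suggested in this thread usually take the form of a default-deny inbound policy rather than a list of ports to drop. The script below is an added example, not code from any poster here; the function name `desktop_rules`, the `IPT` dry-run variable and the log prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: default-deny inbound filter for a desktop that does not route.
# IPT is the command each rule is passed to. Set IPT="echo iptables" for a
# dry run that prints the rules instead of installing them (no root needed).
IPT="${IPT:-iptables}"
LOG_PREFIX="INPUT-DROP: "   # constructed tag, used to find these lines in the logs

desktop_rules() {
    # Start from empty INPUT and FORWARD chains.
    $IPT -F INPUT
    $IPT -F FORWARD
    # Default policies: nothing comes in or is forwarded unless a rule allows it.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Loopback traffic never leaves the machine and local programs rely on it.
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections this machine opened itself.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Packets conntrack cannot associate with any valid connection.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # A "new" TCP connection that does not start with SYN (for example a
    # stray or spoofed ACK). The default policy would drop it anyway; the
    # explicit rule keeps that true if ACCEPT rules for services are added.
    $IPT -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
    # Rate-limited log of whatever is about to hit the default DROP policy.
    $IPT -A INPUT -m limit --limit 5/minute -j LOG --log-prefix "$LOG_PREFIX"
}

# Install the rules only when asked to (run as root): sh desktop-fw.sh --apply
if [ "${1:-}" = "--apply" ]; then
    desktop_rules
fi
```

On kernels or iptables builds without the conntrack match, `-m state --state` takes the same state names.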
External

Since: Jul 24, 2003 Posts: 5
(Msg. 6) Posted: Thu Jul 17, 2003 4:51 am
Post subject: Re: securing single debian box against internet attacks
User <qw.TakeThisOut@spamhole.com> wrote:
> I am on broadband and I wish to secure my debian box before putting it
> on the internet. I have a LinkSys G54 broadband router and 'firewall'
> but as a firewall it is limited (spoofed tcp ACK packets get by, etc.)
> Hence, I need to protect my desktop debian box against attacks. It's
> used just a simple desktop machine, it doesn't need to route or bridge
> or any of that. What is the easiest way to harden it against network
> attacks? I've read the firewall HOW-TO etc. but I was wondering if
> there is a more convenient way than having to recompile the kernel?
> For instance, is there a debian package that would aid me?
> thanks

apt-get -f install bastille

Then run the bastille script and answer its questions. That's a
very basic set of measures that should provide a reasonably secure
workstation.

apt-get -f install aide

Then run aideinit; re-run aideinit or aide --update after every
new package installation and apt-get upgrade or dist-upgrade.
You may also want to edit /etc/aide/aide.conf to trim out some of
the entries that give you too many false alerts. The default
Debian aide.conf is rather noisy --- you mostly want to focus on
the basics /sbin, /usr/sbin, /bin, /usr/sbin, /lib/, /usr/lib and
/boot. Any script kiddy and/or rootkit is almost certain to modify
files under some of these directories; any cracker who is more
subtle is also likely to detect and subvert your aide binary and/or
database itself. The additional entries in aide.conf take extra
processing time, and lots of extra human time with false alarms for
relatively little probability of actually catching a cracker.

There are several other file integrity systems available for Debian.
Pick one, like fcheck or integrit, fetch it (with ftp or apt-get -d)
but do NOT install it the normal way --- unpack it with:

ar p $DEBFILE data.tar.gz | tar xzf -

... then rename the binary and, if possible, its config and database
files. This is your stealth IDS. You can put the command to
run this one into one of your more innocuous cron jobs --- one that
none but the most diligent cracker would bother to read through.
Then:

apt-cache search harden

and 'apt-cache show' each of those that interests you. Read through
descriptions, installing and configuring each that seem to make sense
for you.
--
Jim Dennis,
Starshine: Signed, Sealed, Delivered
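
The baseline-and-compare cycle that aide, fcheck and integrit automate can be seen in a few lines of shell. This is an added example, not part of the post above and not a replacement for those tools; the function names `snapshot` and `compare` are made up for illustration, and it assumes GNU `sha256sum` and file names without newlines or backslashes.

```shell
#!/bin/sh
# Added example: minimal hash baseline over a few system directories.

# snapshot DIR...   -> one "sha256  path" line per regular file under DIR...
snapshot() {
    find "$@" -xdev -type f -exec sha256sum {} + 2>/dev/null | sort -k 2
}

# compare BASELINE CURRENT -> one line per difference:
#   ADDED <path> | CHANGED <path> | REMOVED <path>
compare() {
    awk -v base="$1" '
        # Load the baseline first: the hash is columns 1-64, the path starts
        # at column 67, so paths containing spaces survive intact.
        BEGIN {
            while ((getline line < base) > 0)
                old[substr(line, 67)] = substr(line, 1, 64)
        }
        { h = substr($0, 1, 64); p = substr($0, 67) }
        !(p in old) { print "ADDED   " p; next }
        old[p] != h { print "CHANGED " p }
        { delete old[p] }                 # seen, so not removed
        END { for (p in old) print "REMOVED " p }
    ' "$2" | sort
}

# Command-line use (run as root so every file is readable):
#   sh fic.sh snapshot /sbin /usr/sbin /bin /lib /usr/lib /boot > baseline.txt
#   sh fic.sh snapshot /sbin /usr/sbin /bin /lib /usr/lib /boot > now.txt
#   sh fic.sh compare baseline.txt now.txt
case "${1:-}" in
    snapshot) shift; snapshot "$@" ;;
    compare)  compare "$2" "$3" ;;
esac
```

Refresh the baseline after every package installation or upgrade, as with `aide --update`; otherwise each upgraded binary shows up as CHANGED.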