Domain: simonzone.com
Stories and comments across the archive that link to simonzone.com.
Comments · 8
-
Any ways to keep my router secure?In the past I've read postings such as these out of passive interest, but this article has precipitated my slowly saturating suspicion that my underperforming Kubuntu Dapper box is not just slow or misconfigured, but possessed by a rootkit. I can't prove it, but if there's an easy, convenient way for me to be paranoid, I might as well.
You said:Check your logs at least once a day. Look for any suspicious signs
Is there any way to avoid this? I don't even want to do it once a week, because: a) I might forget, and it's a chore, and b) I'm not sure what to look for. I might get alerted because of something or other that would generate a false positive (e.g. a new configuration on a bittorrent or IRC program).
A sibling poster mentioned Tripwire. How handy is that? I tried installing it when I first started with Linux, back in the days of Mandrake 9.0, but it got to be too much of a hassle installing, and I was never sure when to be or not to be suspicious of minor changes. For example, if I try out new kUbuntu packages all the time, then toss them aside if I'm not interested, would it cause problems with Tripwire?
Also, I run a Linksys router flashed with DD-WRT. It's great protection for my Linux box, but I worry about the router itself. How secure is DD-WRT? I usually turn off the ability to SSH into the router from the Internet, but sometimes I need it on. I wish there were something like Guarddog that would fit into the small non-graphical environment of the DD-WRT so I could easily configure the iptables/netfilter. Also, I don't know if the router can log the connections --that would give a much better indication of intrusion attempts, compared to the logs of my Kubuntu box sitting behind the router.
Any advice would be appreciated. Remember, the main thing is: I am trying to minimize administering the box, and maximize using it. -
Re:Ubuntu
Guarddog is an very easy to use firewall. The Router/Modem for my DSL connection also has a built-in firewall firewall so, for me, also using the Linux firewall is somewhat redundant, but I do anyway. Guarddog was written for KDE, so it would be better for someone that uses Kubunu than Ubuntu. I have both packages installed, so I don't need to worry about whether a program is a KDE program or a Gnome program. Like most other Linux firewall programs it is actually just an easy to use front-end for the iptables firewall that already comes built in with the Linux Kernel. It is much easier to use iptables. Guarddog doesn't actually need to be running at all times once it has finished configuring iptables.
When configuring Guarddog, select the protocols that you want to allow to be used in the Internet zone such as HTTP, HTTPS, FTP, POP3, SMTP and whatever else you need. You might also possibly want to allow DNS, ping and whatever chat programs you use. I am not a system administrator so I am not an expert on networking or firewalls. There is also a related program called Guidedog which you probably won't need unless you are doing port forwarding or something like that. To nest your firewall, you might want to go to the grc.com webpage and select "ShieldsUP" and then select "All Service Ports" for the test. It will then tell show you which ports are open, closed or stealth and tell you if your firewall passes the test. Of course if you are behind a router with a firewall it might actually be testing that instead of your Linux firewall.
There are other Linux firewalls such as Firestarter and several others that I have heard of but not tired. Guarddog does not give you pop-up messages about what is going on, it is just used to control what TCP/IP and UDP ports are open or closed on each interface. I am not sure what feature other Linux firewalls do.
-
Re:Ubuntu
Guarddog is an very easy to use firewall. The Router/Modem for my DSL connection also has a built-in firewall firewall so, for me, also using the Linux firewall is somewhat redundant, but I do anyway. Guarddog was written for KDE, so it would be better for someone that uses Kubunu than Ubuntu. I have both packages installed, so I don't need to worry about whether a program is a KDE program or a Gnome program. Like most other Linux firewall programs it is actually just an easy to use front-end for the iptables firewall that already comes built in with the Linux Kernel. It is much easier to use iptables. Guarddog doesn't actually need to be running at all times once it has finished configuring iptables.
When configuring Guarddog, select the protocols that you want to allow to be used in the Internet zone such as HTTP, HTTPS, FTP, POP3, SMTP and whatever else you need. You might also possibly want to allow DNS, ping and whatever chat programs you use. I am not a system administrator so I am not an expert on networking or firewalls. There is also a related program called Guidedog which you probably won't need unless you are doing port forwarding or something like that. To nest your firewall, you might want to go to the grc.com webpage and select "ShieldsUP" and then select "All Service Ports" for the test. It will then tell show you which ports are open, closed or stealth and tell you if your firewall passes the test. Of course if you are behind a router with a firewall it might actually be testing that instead of your Linux firewall.
There are other Linux firewalls such as Firestarter and several others that I have heard of but not tired. Guarddog does not give you pop-up messages about what is going on, it is just used to control what TCP/IP and UDP ports are open or closed on each interface. I am not sure what feature other Linux firewalls do.
-
Re:Software firewalls?!
Guarddog is my preference. http://www.simonzone.com/software/guarddog/
-
Re:suspensionYou can suspend drives directly, you don't need a cage (if that is what you were thinking), nor should you need to bother with sandwitching.
works a treat.
--
Simon -
Well, lemme see...
When I get a new system/rebuild a system I install:
1) Linux (Fedora Core 1 at the moment)
2) apt
3) vim-X11 (gotta have gvim!)
4) guarddog
5) cvsps
6) patchutils
7) PyQt
8) dia
9) graphviz
10) wget
Then we start getting into 'depends on the task' with such things as a2ps, xdelta, rdiff-backup, etc.
I'm starting to think about making a script that grabs apt, installs it, and then installs all my favorite toys. Then, do a fresh minimal install and see what happens. :) -
How about local tools?
I'm thinking along the lines of Guarddog and Guidedog for KDE/Linux or KMyFirewall
After all, when you run a network tool to setup your firewall, and you accidentally block yourself from the net, how do you generate another set of rules to get back online? (I know,
/etc/init.d/iptables stop) -
Re:What sort of idiot?Check out Guarddog - it's a GUI (kde) firewall management program that is application/goal based.
A rather fine piece of software. I should use it
:)