Re: [ubuntu-uk] Warning to all users of Samba

Wed, 21 Apr 2010 04:06:48 -0700

Does anybody have any information on how to use these firewalls. I tried setting one up, and ended up shutting my pc off to everything, and had to get somebody to help open it up again. I gave up with the virus checker, as it thought a lot of things that were important to the pc were viruses, and as I dont know enough, had to leave that go. 

John

On 21/04/10 11:51, Paul Morgan-Roach wrote:
On Wed, Apr 21, 2010 at 12:29 AM, John Stevenson <j...@jr0cket.com <mailto:j...@jr0cket.com>> wrote: 


    Am I wrong in thinking this post is really a warning about not
    setting you router up securely?

    If you are unable to control the router or the IP address your
    Ubuntu box is assigned, then you can always run a firewall and/or
    AppAmor on you Ubuntu box.
For those wanting a graphical interface for IPTables, you can use Firestarter (available in the repos). It's a nice interface that covers most functions. From the command line Ubuntu has ufw - the uncomplicated firewall, which is effectively an easy method to configure basic firewalling (eg. ufw allow ssh)
I can't emphasise enough how important it is to secure the perimeter device effectively though. If outbound filtering is enabled and services are only enabled on requirement, we'd see a drop in viruses, worms, spam and other nasties. Think back to the "Slammer worm" (http://en.wikipedia.org/wiki/SQL_Slammer) which compromised windows boxes at a rapid rate, but could not have propagated anywhere near as fast if outbound firewalling was enabled.
The same goes for IRC controlled botnets - if you restrict outbound IRC traffic from only the machines that you use IRC on, then the infected machines cannot be controlled.
The majority of spam comes from hijacked PC's - if your perimeter device only allows the mail server on your network outbound access on port 25, then spam cannot be sent from a compromised desktop. Furthermore, logging on the perimeter device can also be used to identify threats from within the network (if you see a blocked IRC or SMTP traffic it gives cause for investigation). 

I hope this gives a little food for though....

Paul




--
Ubuntu User #30817


-- 
ubuntu-uk@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.ubuntu.com/UKTeam/

Reply via email to