Thread: Setting Up Security
View Single Post

   
  #1 (permalink)  
Old 02-18-2008, 09:39 AM
TITAN
 
Posts: n/a
Default Setting Up Security
I just read the Security HOWTO. It is a lot to digest. Basically from what I
can tell a security strategy depends a lot on the specifics of the
particular network in question.

In my case I am not at all concerned with local or user security. The only
person inside my firewall is going to be me and the only way someone who
knows anything about computers would get physical access is by breaking into
my apartment. At that point it is much more likely I wont have any computers
at all than someone breaking into my box and changing the root password.
My primary concern is vulnerability to port scanning and script attacks
through my comcast service. I would like to be transparent to kids with
scripts looking for an easy crack while still being able to play those
online games I love so much and participoate in PtP file sharing.
So what I think I need to do is:
1) set up iptables (but im not sure how) to allow the connections I do want
and drop the ones I dont.
2) shut down a lot of the services I dont use which are vulnerable
3) set up some basic filesystem security to make life difficult if anyone
does get in

As far as I understand this will provide a basic level of security but will
not keep somone out who is really trying to get in. But I find it difficult
to believe my system would get that kind of attention when there are easier
targets and I dont have anything on my system you couldnt find on Kazaa. But
I guess somone could always try to use my box as an FTP host.

Since I am new to this I would like it if anyone with more experience could
make further recommendations.
Also any recommended reading for setting up iptables or shuting down
services would be welcome.

Here is what my fstab currently looks like.

/dev/hda1 swap swap defaults
0 0
/dev/hda2 / ext2 defaults
1 1
/dev/hdc1 /usr/share/MP3 ext2
nouser,rw,nosuid,nodev,noexe 0 2
/dev/hdc2 /usr/share/winarchive ext2 nouser,rw,nosuid,nodev,noexe
0 2
none /dev/pts devpts gid=5,mode=620
0 0
none /proc proc defaults
0 0
/dev/hda2 /home ext2 nodev,noexe
0 0
/dev/hda2 /var ext2 nodev,noauto
0 0

Any recommendations here are welcome as well.

Thank you for your help.

-Drew


Reply With Quote