I just read the Security HOWTO. It is a lot to digest. Basically, from what I can tell, a security strategy depends a lot on the specifics of the particular network in question.

In my case I am not at all concerned with local or user security. The only person inside my firewall is going to be me, and the only way someone who knows anything about computers would get physical access is by breaking into my apartment. At that point it is much more likely I won't have any computers at all than someone breaking into my box and changing the root password.

My primary concern is vulnerability to port scanning and script attacks through my Comcast service. I would like to be transparent to kids with scripts looking for an easy crack while still being able to play those online games I love so much and participate in PtP file sharing.

So what I think I need to do is:

1) set up iptables (but I'm not sure how) to allow the connections I do want and drop the ones I don't.
2) shut down a lot of the services I don't use which are vulnerable
3) set up some basic filesystem security to make life difficult if anyone does get in

As far as I understand, this will provide a basic level of security but will not keep someone out who is really trying to get in. But I find it difficult to believe my system would get that kind of attention when there are easier targets and I don't have anything on my system you couldn't find on Kazaa. But I guess someone could always try to use my box as an FTP host.

Since I am new to this I would like it if anyone with more experience could make further recommendations. Also, any recommended reading for setting up iptables or shutting down services would be welcome.

Here is what my fstab currently looks like.

    /dev/hda1  swap                   swap    defaults                        0 0
    /dev/hda2  /                      ext2    defaults                        1 1
    /dev/hdc1  /usr/share/MP3         ext2    nouser,rw,nosuid,nodev,noexe    0 2
    /dev/hdc2  /usr/share/winarchive  ext2    nouser,rw,nosuid,nodev,noexe    0 2
    none       /dev/pts               devpts  gid=5,mode=620                  0 0
    none       /proc                  proc    defaults                        0 0
    /dev/hda2  /home                  ext2    nodev,noexe                     0 0
    /dev/hda2  /var                   ext2    nodev,noauto                    0 0

Any recommendations here are welcome as well. Thank you for your help.

-Drew
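An added example, not part of the original thread: a short Python audit of the fstab posted above. It reports options that are not generic mount options, non-root mounts that lack nosuid, nodev or noexec, and devices listed under several mount points. The function name `audit`, the finding labels and the option set (a subset of the generic options in mount(8)) are this example's own choices.

```python
from collections import defaultdict

# Generic, filesystem-independent options from mount(8); a subset, not exhaustive.
GENERIC = {"defaults", "rw", "ro", "suid", "nosuid", "dev", "nodev", "exec",
           "noexec", "auto", "noauto", "user", "nouser", "users", "owner",
           "sync", "async", "atime", "noatime"}
PSEUDO = {"swap", "proc", "devpts"}   # options of these types are not checked
RESTRICT = ("nosuid", "nodev", "noexec")

# The fstab exactly as posted in the thread.
FSTAB = """\
/dev/hda1 swap swap defaults 0 0
/dev/hda2 / ext2 defaults 1 1
/dev/hdc1 /usr/share/MP3 ext2 nouser,rw,nosuid,nodev,noexe 0 2
/dev/hdc2 /usr/share/winarchive ext2 nouser,rw,nosuid,nodev,noexe 0 2
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
/dev/hda2 /home ext2 nodev,noexe 0 0
/dev/hda2 /var ext2 nodev,noauto 0 0
"""

def audit(text):
    """Return a list of (where, finding, detail) tuples for an fstab."""
    findings, by_device = [], defaultdict(list)
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue                          # blank, comment or malformed line
        device, mount, fstype = fields[:3]
        opts = fields[3].split(",")
        if device != "none":
            by_device[device].append(mount)
        if fstype in PSEUDO:
            continue
        for opt in opts:
            # Filesystem-specific options land here too; check those against
            # the filesystem's documentation. A misspelt option means the
            # intended restriction is not being applied.
            if opt.split("=", 1)[0] not in GENERIC:
                findings.append((mount, "not a generic option", opt))
        if mount != "/":                      # root needs suid, dev and exec
            absent = [r for r in RESTRICT if r not in opts]
            if absent:
                findings.append((mount, "restriction absent", ",".join(absent)))
    for device, mounts in by_device.items():
        if len(mounts) > 1:
            findings.append((device, "listed for several mount points", ",".join(mounts)))
    return findings

if __name__ == "__main__":
    for where, what, detail in audit(FSTAB):
        print(f"{where}: {what}: {detail}")
```

An absent restriction is a prompt to decide, not a fault in itself: noexec on /var or /home can break software that runs scripts from those trees.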
On 2003-06-26, TITAN <stouppe@comcast.net> wrote:

For general Slackware security help, I recommend visiting this page:

<URL:http://slackbook.yoshiwara.org.uk/security.html>

> 1) set up iptables (but I'm not sure how) to allow the connections I do want
> and drop the ones I don't.

Here's one tutorial, which I think is quite good:

<URL:http://www.cs.princeton.edu/~jns/security/iptables/>

<URL:http://www.netfilter.org> links to several more tutorials.

> 2) shut down a lot of the services I don't use which are vulnerable
> 3) set up some basic filesystem security to make life difficult if anyone
> does get in

If you search this group's archives, you'll find links to several security articles that should help. Here is a link to one I like:

<URL:http://www.userlocal.com/security/securitytips.php>

> I guess someone could always try to use my box as an FTP host.

... or maybe as part of a DDoS or the middle of a smurf attack.

> Since I am new to this I would like it if anyone with more experience could
> make further recommendations.

I like to do 'nmap localhost' as a quick way to see what services are running. You can use netstat also (as well as ps and top, obviously).

> Here is what my fstab currently looks like.
> /dev/hda2 / ext2 defaults 1 1

Why not switch to ext3?

Maybe you'd be interested in encrypting your filesystems. The archives should have some info on how to do that. I think +Cibao+/+Chiron+ posted a HOWTO on that.

--
Mark Hill <mark_usenet@yahoo.co.uk>
Besides, I think Slackware sounds better than 'Microsoft,' don't you?
  -- Patrick Volkerding
In article <jmqdnQy0pZe2wWejXTWJhQ@comcast.com>, TITAN <stouppe@comcast.net> wrote:

>In my case I am not at all concerned with local or user security. The only
>person inside my firewall is going to be me and the only way someone who
>knows anything about computers would get physical access is by breaking into
>my apartment.

Probably. Nevertheless, it's prudent to fix local exploits, too. The what-ifs might lead to someone looking for local exploits to get a root shell.

The security mailing list is low traffic and it's pretty easy to keep up with the updates.

http://www.slackware.com/lists/archive/

Then again, I'm just paranoid.

-Beej