Re: FC3 - broken into?

From: Robert Storey (y2kbug_at_ms25.hinet.net)
Date: 02/17/05

    Date: Fri, 18 Feb 2005 06:05:47 +0800
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    On Thu, 17 Feb 2005 11:15:04 -0500
    Temlakos <temlakos@gmail.com> wrote:

    > Now as to how to keep the barn door locked: My first impression is
    > that you need to enable the system firewall, even if you /do/ have a
    > corporate firewall. Redundancy never hurts in security. Of course, you
    > need to make sure you know what TCP and UDP ports have to be open for
    > certain network processes to run. As long as you open those ports (as
    > source /and/ as destination, to be safe) and restrict this to the
    > subnetwork you have in your enterprise, your computer should be safe
    > even if someone compromises the corporate firewall--or is making
    > mischief inside the enterprise and hence already inside the firewall.
    > Search on the word "iptables" for more information. (The iptables
    > system and syntax took a long time for me to learn, until now I have a
    > system that is /very/ particular about what transactions it allows,
    > even between computers on my own network.)

    Maybe slightly off-topic, but if you want more control over your
    firewall rules and are baffled by the cryptic mess that is iptables, I
    highly recommend Guarddog. I replaced the Fedora default firewall with
    Guarddog and have been much happier ever since. It can be downloaded
    from here:

    http://www.simonzone.com/software/guarddog/

    I compiled it from source and ran into no dependency problems.

    cheers,
    Robert
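
The host-firewall approach described in the quoted message (open only the needed TCP and UDP ports, and only to the local subnet), as an added example that is not part of the original thread: a shell function that prints a default-deny ruleset in iptables-restore format. The function name `gen_rules`, the subnet 192.168.1.0/24 and the ports are constructed sample values, and reply traffic is handled here by connection tracking rather than by opening source ports.

```shell
#!/bin/sh
# Added example, not from the original thread.
# gen_rules SUBNET PROTO/PORT... prints an iptables-restore ruleset that drops
# inbound traffic by default and opens each listed port to SUBNET only.
gen_rules() {
    subnet=$1; shift
    # Character-level sanity check: digits, dots and exactly one "/".
    case $subnet in
        *[!0-9./]*|*/*/*) echo "bad subnet: $subnet" >&2; return 1 ;;
        */*) ;;
        *) echo "bad subnet: $subnet" >&2; return 1 ;;
    esac
    # Validate every PROTO/PORT before printing anything, so a typo
    # never yields a partial ruleset.
    for spec in "$@"; do
        proto=${spec%%/*}; port=${spec##*/}
        case $proto in tcp|udp) ;; *) echo "bad proto: $spec" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $spec" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "bad port: $spec" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'       # default policy: drop inbound
    echo ':FORWARD DROP [0:0]'     # a workstation does not route
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host started are matched statefully.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for spec in "$@"; do
        proto=${spec%%/*}; port=${spec##*/}
        if [ "$proto" = tcp ]; then
            echo "-A INPUT -s $subnet -p tcp -m state --state NEW --dport $port -j ACCEPT"
        else
            echo "-A INPUT -s $subnet -p udp --dport $port -j ACCEPT"
        fi
    done
    # Rate-limited log of whatever is about to hit the DROP policy.
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "'
    echo 'COMMIT'
}

# Usage (as root), checking the syntax before loading anything:
#   gen_rules 192.168.1.0/24 tcp/22 udp/123 | iptables-restore --test
```
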

    
