Re: new install, Firewall, anti-virus?



Hey, Jim:

On Tue, Nov 10, 2009 at 19:15, Jim Douglas <jdz99@xxxxxxxxxxx> wrote:
> Is the firewall up and running by default effective? It's a home machine but
> I plan on adding a web server.

The default Fedora firewall is pretty good. Just make sure that the
'iptables' service is running (should be, by default). You can use the
GUI 'system-config-services' tool to look at what's running, or run
'sudo service iptables status' from the command line.

About that web server... See below for an opinion on that.

> What is the best anti-virus?

In my experience, most Linux users/systems don't bother. I think it's
generally considered to be a low-probability threat on Linux. You can
certainly use ClamAV (open-source signature-based AV), but I don't
know how much it will integrate with your other programs' usage.
You're almost definitely NOT going to find the kind of comprehensive,
all-seeing, all-knowing, checks-all-file-access AntiVirus suite that
you've grown to know in the Windows world.

Here are some basic local desktop usage rules that should keep you pretty safe:

- Run a firewall that blocks unsolicited Internet traffic.
- Don't run anything as 'root'. Configure and use 'sudo', and keep
the password checking turned on, even though it's a little hassle.
- Keep any data that you want to protect in your home directory, and
remove access to your home dir for "other" (non-owner, non-group)
users.
- Make regular backups of your home directory, and store your backups
on physically separate media (a remote machine, maybe, or an external
hard drive). Keep your backup disk physically disconnected when you're
not making/restoring a backup, or at least change the ownership and
permissions of the stored backups so that only 'root' can access or
modify them.

Now, about your web server: Lots of people do this, and it can be
perfectly safe. BUT: Any internet-accessible service represents a
potential vector of attack. If you take the precautions outlined
above, but you poke a hole in the firewall to allow HTTP/HTTPS traffic
to your web server, you have to treat that web server process a little
more carefully. Read up on securing your web server, and make sure you
understand the security mechanisms (SELinux, chroot, privilege
separation, filesystem perms, etc.) that are in place. You will
probably be OK--a little effort/knowledge will make the next guy a
bigger target than you.

Good luck.

-Ryan

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
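
The home-directory and backup permission rules from the message above can be checked with a short script. This is an added example, not part of the original post; it assumes GNU coreutils 'stat' (as shipped on Fedora), and the function names and the /mnt/backup path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: audit the "no access for other" and "root-only backups" rules.
# Usage (paths are examples): sh audit.sh "$HOME" /mnt/backup

# Print a path's permission bits as four octal digits, e.g. 0700.
mode_of() {
    raw=$(stat -c '%a' -- "$1") || return 2
    printf '%04d\n' "$raw"
}

# Succeed only if "other" users have no read/write/execute bits on $1.
no_other_access() {
    m=$(mode_of "$1") || return 2
    [ "${m#???}" = "0" ]
}

# Succeed only if $1 is owned by $2 (default: root) and neither group
# nor other has any access to it.
backup_locked_down() {
    owner=$(stat -c '%U' -- "$1") || return 2
    m=$(mode_of "$1") || return 2
    [ "$owner" = "${2:-root}" ] && [ "${m#??}" = "00" ]
}

# Report on a home directory ($1) and, optionally, a backup location ($2)
# with its expected owner ($3, default root). Returns 1 if any check fails.
audit() {
    rc=0
    if no_other_access "$1"; then
        echo "OK    $1: no access for other users"
    else
        echo "FAIL  $1: other users have access; fix with: chmod o-rwx $1"
        rc=1
    fi
    if [ -n "${2:-}" ]; then
        if backup_locked_down "$2" "${3:-root}"; then
            echo "OK    $2: owned by ${3:-root}, closed to group and other"
        else
            echo "FAIL  $2: expected owner ${3:-root} and mode 0700 or tighter"
            rc=1
        fi
    fi
    return $rc
}

# Run the audit only when paths are given on the command line.
if [ "$#" -gt 0 ]; then audit "$@"; fi
```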
