Find the answer to your Linux question:
Results 1 to 4 of 4
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    Understanding Network Security

    I was wondering if anyone might know of good reference material, books websites etc that discuss network security issues in layman terms. So far most of what I have found is a lot like trying to learn Greek, with me understanding little of what I read.

    I would like to set up a dedicated Linux box as a firewall and would like to have a deeper understanding of the different types of configurations that are possible. Hopefully I will find something that deals with these issues in an understandable way and also discusses the ramifications of one method over another.

    I run a dual boot system and most of the firewalls I have used on the Windows side are very confusing to me. A lot of the time they give you a pop up that informs you that some cryptically named program is trying to access the network or the internet and wants to know if I want it to or not, 99% of the time I have not idea if it is a legitimate program or not. I realize that this is probably a separate issue (knowing how to identify programs and processes that should have access from those that should not) from setting up a firewall and basic network security but I know that they are related.

    Also does anyone know if it is possible to build a Linux firewall and run it in a VM?

    If anyone has any information concerning these issues that you can point me to, I would greatly appreciate it.


  2. #2
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Hello robert,

    security has many aspects. It is generally hard to list all of them, but all of them protect you from something. Starting from a single computer you can protect it from:

    * the users that use it
    * others that try to access it (and use it like a valid user does)

    In this case I regard also a software that runs on a computer as a user, not only the user that sits in front of it.

    So, to protect a computer from potentially dangerous operations you have to make sure nobody gets access to something he doesn't have access to. These can be confidential information (prohibit even read access), data that shouldn't be written to (prohibit write access) or software that shouldn't be run (prohibit execute access).

    These are some kind of keywords that are pretty common for these kind of things (you can look them up in google):

    * linux users and groups
    * linux file permissions
    * ACL (access control lists)
    * chroot environments

    To secure a system from dangerous operations, a user should be tighted by means of access permissions so that he can't ever harm a system or accesses parts that he shouldn't. What actually then he will be able to do, depends strongly on who he is and what he needs to do. For example it makes no sense to restrict access to execute database maintainance to the database administrator user.

    Now one has mostly secured the system from the inside. Surely there are holes like jailbreaks and such that cannot be stopped as long there is software that has buffer overflow implementations and you'll never get rid of them. You'll need to trust the users on your computer that they will not harm your system. If you can't trust them, don't let them in. And this is what brings me to the next topic.

    Tighten a computers security by preventing others to access it.

    The idea behind this is: a bad person that can't access a system can't harm it.

    Usually you have means of logging into a system. This is cause you want yourself to be able to access your system, otherwise a computer is pretty useless. There are several measures to secure a computers security. One big is:

    * firewalls

    You can nearly accomplish everything (in regard to network security) with a good firewall like iptables. You can secure single computers from other computers within you lan, but you can also protect your lan from the rest of the world. This topic is quite wide spread and you should just read these things. I take these two little tools as the most importants:

    * iptables
    * fail2ban

    Things that are (in my eyes) useless:

    * port knocking

    If other things come in my mind, I'll post them. Anyway, click yourself through wikipedia starting from one of the above topics. That should give you a good start.

  3. #3
    Thanks so much for taking the time to answer my post, it is much appreciated and I will look up the topics that you have mentioned here. I generally have a pretty good idea as to how permissions work under Linux and so far have not had any know issues with any of my Linux boxes, however it has been a different case while running Microsucks OS of the month. I would have given up on running Windows long ago had I not become an older gamer. I need to get a handle on iptables as I presently do not fully understand how to use them correctly and the "fail2ban" I have never heard of that before. I will definately look that one up.

    My situation is not all that complex, at present just a home network that I like to log in to remotely with my new cell phone running Android and stream in various media that is on my home theater system. I do want to build a good firewall for my network even though it does not have any national secrets on it.

    Thanks once again for your help and for taking the time to write all that you did.

  4. $spacer_open
  5. #4
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    National secrets or not, I generally dislike unauthorized people to view my stuff. Your usecase pretty much matches my system at home, except the streaming stuff. At home I have:

    * pc (winX)
    * server (xubuntu) + apache2 + rtorrent + rutorrent + webdav + xbmc; connected to a 47' tv
    * laptop (ubuntu netbook version)
    * asus wl-500gp with openwrt on it (works as internet firewall)

    regarding the server:
    * xbmc is already set up such that it could stream media, even tough i never tested that.
    * got a nice remote control to control it even three rooms away (in case I listen music while lying in bed and I do not want to go to the living room )
    * port forward active for 22 and 80
    * thus apache2 provides webdav and other things, but it is strictly split into private and public such that nobody will see the webdav, even though I can access it from the LAN (central storage of multimedia and other files that should be stored on a RAID)
    * everything is guarded by fail2ban in case one tries to ddos into the server
    * teamspeak server and other things that I need (more or less)
    * each process has its own user and they are safely grouped depending on what stuff they need access to (i.e. group media can access the 3TB raid where all multimedia files are stored in)

    All this is run with an ATOM dual core of the elder generation (see: Zotac ION ITX) with 3gb ram in. The cpu load never exceeds 0.7 and thus I can say: it just works. Just yesterday I took a look at the fail2ban logs and saw that it was rotated 4 times, thus it does its job by keeping the bad guys out (3 failed ssh logins ==> 15min firewalled ban).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts