Student needs help
Well, here is the situation. I am moving into a student accommodation next week where they supply us with broadband. Now I want to set up my Linux box (Knoppix distro) so that I will be safe on the network from internal attacks. What do you suggest I do to secure my box? I thought about blocking all incoming ICMP packets but I'm not sure if this is necessary.
Thanks for any help
Just make sure you don't have any ports that allow new incoming connections, unless you're running a server. You can drop all ICMP packets to be safe, too. 8)
Thanks for the reply :)
I nmap'd myself to see what services I need to take care of, and I am a walking time bomb. As I haven't used the Linux on my laptop in a while it is very vulnerable. How can I uninstall the following services?
Do I want to stop all of them?
Also, how will I be able to find the PID for these services when they are running to kill them?
Hmm, not sure exactly how to do it in Knoppix, but there should be some startup scripts like /etc/rc.d/rc.M and similar. Just edit them and comment out all the stuff you don't need (sendmail, rpcbind, sshd, httpd...). My only open port is X11 and it is filtered. How tight it should be depends only on your use of it.
Check the documentation on those services. The answers lie within.
I've managed to cut back a bit, although I've been struggling to cut X off from the world: I can't seem to find the right place to add the flag -nolisten tcp. Also I don't know if I need finger. ssh really is just there because one day I know I'm going to need it. Also I've heard that there is a vulnerability in kernel 2.4.22, so I'm going to try to install 2.6.* when I get up the guts.
PORT STATE SERVICE
22/tcp open ssh
79/tcp open finger
113/tcp open auth
6000/tcp open X11
Update: Got the 2.6 kernel installed now; ACPI is still giving me troubles. Yep, with iptables it would be pretty easy to just block those ports, but now that I'm working on getting a wireless card for my laptop that works under Linux, my AP will be public access (I've heard that wireless is still shaky in regards to security?), so I would still like to shut down X11 without enabling iptables or some other kind of firewire on all of my computers.
I have a firewall installed (Firestarter). From that you can block/deny all the ports you like.
Rather than firewalling, the first thing to do is to stop all ports that you do not need. Play safe.
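
Added example, not from any poster in this thread: a shell function that covers both the PID question and the "stop all ports that you do not need" advice by listing every network-reachable TCP listener that is not on an allowlist, together with its owning PID and process name. It assumes `ss` from iproute2 for live use (on older systems `netstat -tlnp` shows the same information in a different layout); the names `sample_listeners` and `audit_listeners` are hypothetical, and the sample lines, which mirror the ports in the scan above, are constructed.

```shell
#!/bin/sh
# Added example: list TCP listeners reachable from the network that are not
# on an allowlist, with the PID and name of the process that owns each one.

# Constructed sample in the format printed by `ss -H -ltnp` (run as root to
# see the owning process). PIDs and process names are made up.
sample_listeners() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 5 0.0.0.0:79 0.0.0.0:* users:(("inetd",pid=640,fd=4))
LISTEN 0 5 0.0.0.0:113 0.0.0.0:* users:(("inetd",pid=640,fd=5))
LISTEN 0 1 0.0.0.0:6000 0.0.0.0:* users:(("X",pid=977,fd=1))
LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=701,fd=13))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
EOF
}

# audit_listeners "22 443": reads ss lines on stdin and prints "port pid name"
# for every listener that is not loopback-only and whose port is not allowed.
audit_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
        port = $4; sub(/^.*:/, "", port)      # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
        if (addr ~ /^127\./ || addr == "[::1]") next   # local-only socket
        if (port in ok) next                           # service kept on purpose
        pid = "?"; name = "?"                 # ss hides these without root
        p = index($6, "pid=")
        if (p > 0) {
            pid = substr($6, p + 4); sub(/[^0-9].*$/, "", pid)
            split($6, q, "\""); name = q[2]
        }
        key = port " " pid                    # report IPv4 + IPv6 pair once
        if (!(key in seen)) { seen[key] = 1; print port, pid, name }
    }'
}

# Demo on the sample; on a live system: ss -H -ltnp | audit_listeners "22"
sample_listeners | audit_listeners "22"
```

Each output line names a port still exposed to the network and the process to stop or reconfigure; the loopback-only listener on port 25 is not reported because other hosts cannot reach it.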