'Re: [Security-Discuss] Lessons learned while switching from dial-up to DSL (was Question about DSL m'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mandrake-security-discuss
Subject:    Re: [Security-Discuss] Lessons learned while switching from dial-up to DSL (was Question about DSL m
From:       AAW <arnld23 () execpc ! com>
Date:       2006-03-18 17:28:02
Message-ID: 200603181128.03241.arnld23 () execpc ! com
[Download RAW message or body]

I finally got my router's firewall straightened out by turning on its 
optional IP Filtering function with the high security rule set. Now 
everything comes back as blocked when scanned.

I decided to post some things I learned while switching from dial-up to 
PPPoE ADSL. It may turn up on some web search and save someone else time 
or trouble.

The first thing I learned was don't take your router's default settings at 
face value. The default login and password, for example, are almost 
certainly available from the manufacturer's website (online copies of the 
user's manual, knowledge base, etc.). Also test your router's default 
firewall settings at a firewall scanning site like scan.sygate.com or 
www.grc.com. The factory settings may not be as secure as you'd like.

Adding an ethernet card to connect the machine to the router required 
changing cups and samba configuration. The default for both is to operate 
on all ethernet interfaces. I had to change references to @LOCAL 
in /etc/cups/cupsd.conf to @IF(eth1) to limit cups to the LAN interface 
only. In /etc/samba/smb.conf, I had to add "bind interfaces only = yes" 
and "interfaces = eth1" under the [global] section. Also, the Samba3 
HOWTO (Chapter 9. Network Browsing > Multiple Interfaces) advised using 
an explicit firewall rule to block nmbd from broadcasting on the internet 
interface despite the configuration changes. In general, it would 
probably be a good idea to review the configuration files and 
documentation of any service running on your box.

HTH,
Arn
____________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://store.mandriva.com
Join the Club : http://www.mandrivaclub.com
____________________________________________________
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic