List: novalug
Subject: RE: [ma-linux] Firewall for a laptop
From: jason <ma-linux () jasons ! us>
Date: 2006-07-26 1:49:05
Message-ID: 20060725214016.Y54656 () torgo
On Tue, 25 Jul 2006, Theodore Ruegsegger wrote:
> If you control (or trust) the router, that's your firewall to the
> Internet. The remaining question is whether you trust the other
> machines on the same side of the router as yours.
I think there's more to it than that. Firewalls/routers are great
but they're not invincible. I trust my own ability to install and
configure my firewall tightly but there's always the possibility of an
unknown exploit allowing L33tHa><0rD00d to grab it before I have a chance
to patch. Security is always best when it's in layers.
> In my case, I control my home router and LAN, so I haven't needed any
> more there. At work, it appears unlikely that an attack would
> originate from inside the firewall, and our internet firewalls have
> been pretty effective thanks to our diligent (and slightly paranoid)
> network admins.
Study after study indicates that most hacking attempts come from within the
company. Disgruntled employees, compromised or easily guessed log-ins (how
many people do you know who use their pets' name or their birthday as
their password - I've lost count), open wifi, conference room ports, etc.
are all easy entry points. Our IT guys are some of the best I've met yet
we still got socked with a windows virus a few months ago when a developer
brought in his laptop that had gotten infected at home. 75% of our
development machines run FreeBSD or Linux but the traffic between the
infected systems beat the stuffings out of the network for a couple hours
until they were disconnected and disinfected.
> On the other hand, the vast majority of the boxes on the LAN run
> Windows, and more and more of them are laptops that go away and
> connect who-knows-where and then rejoin the LAN, bringing their
> spyware, bots, and other infestations with them. I guess it's only a
> matter of time before someone propagates an attack that uses Windows
> hosts to attack GNU or Unix boxes.
Yup.
> That, and a recent conference where I was connected to a university's
> LAN for several days, and a hotel's in-between, made me decide to look
> into software firewalls. In the old days, I would lug a router with
> me...
Start with one of the tools to configure iptables or ipchains and use the
rules it builds to learn it. You won't be sorry when you can fire off a
new rule off the top of your head in the middle of some kind of attack.
The rules really are pretty simple after you've looked at them for a
little while.
As for Windows (yes, I know this is ma-linux :-)) the firewall built into XP
SP2 is a decent start, but I always replace it with Zonealarm, which also
gives you the ability to monitor outbound connections. It's amazing what
kind of crap you see on hotel or conference networks.
-Jason
-----
--- There are no ABSOLUTE STATEMENTS I'm very probably wrong. ---
"The difference between genius and stupidity is that genius has its limits."
- Albert Einstein
_______________________________________________
ma-linux mailing list
ma-linux@tux.org
http://www.tux.org/mailman/listinfo/ma-linux
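Jason's advice above is to let a rule-building tool generate an iptables ruleset and then read it to learn the rules. The script below is an added example of the kind of ruleset such a tool would build for a laptop that joins untrusted hotel or conference LANs; it is not code from the post or from any tool it mentions. It assumes a Linux host with iptables and the conntrack match, and the port list in `ALLOW_TCP_PORTS` is a constructed placeholder (empty by default, meaning nothing inbound is reachable). Run it without arguments to print the rules for review; run it as root with `--apply` to load them.

```shell
#!/bin/sh
# Laptop firewall ruleset for iptables (IPv4). Added example, not from the
# original post. Assumes a Linux host with iptables and the conntrack match.
# Without arguments it prints the rules; as root with --apply it loads them.

# Constructed assumption: no inbound service needs to be reachable by default.
# List ports here (e.g. "22") only if you run a daemon that must be reachable.
ALLOW_TCP_PORTS="${ALLOW_TCP_PORTS:-}"

laptop_rules() {
    # Start from a clean slate so re-running the script is idempotent.
    echo "iptables -F INPUT"
    echo "iptables -F OUTPUT"
    echo "iptables -F FORWARD"
    # Default-deny inbound and forwarded traffic; a laptop is not a router.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    # Loopback must always work or local services break.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Packets that belong to no known connection are dropped early.
    echo "iptables -A INPUT -m conntrack --ctstate INVALID -j DROP"
    # Replies to connections this host opened are allowed back in.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Per-port exceptions, rate-limited so a scan of the port is cheap to absorb.
    for p in $ALLOW_TCP_PORTS; do
        echo "iptables -A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -m limit --limit 10/min --limit-burst 20 -j ACCEPT"
    done
    # Log (rate-limited) and then drop everything else, so you can see what a
    # hostile LAN throws at you without filling the log.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"fw-drop: \" --log-level 4"
    echo "iptables -A INPUT -j DROP"
}

# Number of rules that would be emitted; a quick sanity check before applying.
rule_count() {
    laptop_rules | wc -l | tr -d ' '
}

case "${1:-}" in
    --apply)
        [ "$(id -u)" -eq 0 ] || { echo "must run as root to apply" >&2; exit 1; }
        laptop_rules | sh -e ;;
    *)
        laptop_rules ;;
esac
```

The order matters: the ESTABLISHED,RELATED rule sits before the per-port exceptions and the final DROP, so only connections the laptop itself initiated get through without an explicit opening. The logged drops (prefix `fw-drop:` in the kernel log) are what show you the "crap" on a hotel network that Jason describes, and the rate limit keeps a noisy LAN from flooding syslog.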