The LINUX.COM Article Archive
Originally Published: Tuesday, 2 October 2001 | Author: Jeff McClure and Katharine McCoy |
Published to: enchance_articles_security/Advanced Security Articles | Page: 3/3
A Beginner's Introduction to Network Security
Linux.com writers McClure and McCoy write "We hate to break it to you, but crackers don't just hack the important stuff, they hack whatever networks or boxes they can get into, just because they can." As you may already know, it is as important to "lock" your computer as it is to lock your front door, especially if you live on an "always on" broadband connection. But where to start? Well, start here.
Use Packet Filtering: "Firewalling"

Even though your provider doesn't filter your connection, that doesn't mean that you can't. One of the great strengths of Linux is its highly-configurable networking system. Virtually all recent Linux distributions come with the correct kernel and the right software tools to allow you to filter your network traffic based on IP address, port, interface, and other parameters. For a good (but perhaps a bit dated) explanation of filtering (or "firewalling") take a look at the Linux Firewall and Proxy Server HOWTO: http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html

The method for setting up the firewall depends on what version of kernel is running. For those running version 2.2.x kernels, the tool is called "ipchains." A great source of information for this tool is located in the Linux IPCHAINS-HOWTO: http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html

For 2.4.x kernels, the tool is called "iptables." I have yet to find a really simple guide for using iptables. However, it accomplishes the same purpose as the ipchains tool, so the URL above will probably be helpful. For iptables-specific information, check out: http://netfilter.filewatcher.org/unreliable-guides/index.html

Finally, for lots of network security issues in general I find the TrinityOS document at http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/cHTML/TrinityOS-c.html to be very helpful. In this document, David Ranch basically shows the entire configuration for his own machine. Take a look at section 10 in particular, where David gives some really good ideas on firewall construction.

Watch your logs.

Most Linux distributions are set up to log a whole host of system-related events to log files. The details of what is logged and where is up to the distribution, but a good place to start is in the "/var/log" directory. Take a look at the files that are available and keep an eye on them periodically. They can tell you about someone that's trying to attack and about many other events that can jeopardize your system. There are even tools available (a popular one is called "Tripwire") which can help watch your logs for you, but these tools require careful setup.

Final Notes

One of the most important rules to security is that no security is perfect. It doesn't matter how well you try to protect your computer, unless you lock it inside a steel vault with no access to the outside (not very useful), there is always some risk of being attacked. We're not suggesting you go that far. Just learn to balance the need for network connectivity with the need for network security.

We've given some really general tips in this article. If the interest is there, we can continue this series with articles that are a lot more specific about certain topics.

Many attacks can be prevented by taking measures which don't affect usability at all. Thoroughly evaluate the services you need and disable those you don't. Keep your software and your knowledge updated. Set up packet filtering. Keep an eye on your system logs. With a bit of thought and a lot of learning, that wide-open pipe to the Internet can be a lot safer for your computer.
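To make the packet-filtering step concrete for a 2.4.x kernel, here is an added example (not from the original article or any of the HOWTOs it links) that writes a default-deny inbound policy in iptables-restore format, filtering on interface, source address and port as described above. The interface name, trusted network and port list are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: default-deny inbound policy for a 2.4.x kernel, printed in
# iptables-restore format. Nothing here touches the running firewall.
# EXT_IF, TRUSTED_NET and TCP_PORTS below are constructed sample values.

# valid_port PORT -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset IFACE TRUSTED_NET "PORT PORT ..."
# Prints the ruleset; returns 1 and prints no rules if any port is invalid.
build_ruleset() {
    iface=$1 trusted=$2 ports=$3
    for p in $ports; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"       # anything not matched below is dropped
    echo ":FORWARD DROP [0:0]"     # this box is not a router
    echo ":OUTPUT ACCEPT [0:0]"    # local programs may connect out
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this machine opened (stateful match)
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $ports; do
        # New inbound connections: trusted network only, one rule per port
        echo "-A INPUT -i $iface -s $trusted -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Rate-limited kernel log entry for traffic about to hit the DROP policy
    echo "-A INPUT -i $iface -m limit --limit 5/min -j LOG --log-prefix DROP-IN:"
    echo "COMMIT"
}

EXT_IF=eth0
TRUSTED_NET=192.168.1.0/24
TCP_PORTS="22"
build_ruleset "$EXT_IF" "$TRUSTED_NET" "$TCP_PORTS"
```

Review the printed rules, save them to a file, and load them as root with `iptables-restore < file`. The LOG rule ties into the log-watching advice: dropped packets then appear in the kernel log with the `DROP-IN:` prefix.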