On Mon, 2003-01-06 at 13:59, Ed Wilts wrote:
> On Mon, Jan 06, 2003 at 02:40:37PM -0700, Daily, Shane, CTR wrote:
> > So many things to consider.... I'd start with an iptables overview if your
> > box is on the internet. A good Linux Security book is worth having too.
>
> Personally, I wouldn't start with iptables. If you have either cable or
> DSL (with Ethernet connectivity), buy a low-end Linksys firewall or
> something like it. Put it between you and the cable modem. That will
> get the vast majority of your security attempts since by default all
> ports are closed. Now that you've got the initial threat out of the
> way, focus on everything else (like turning off all services you don't
> need, etc.).

This is certainly an easy solution (and one I've used before). However, given that Linux can do everything that an off-the-shelf router/firewall can (and more!), I don't see any reason to spend an extra $40 to save an hour's work (especially since that work pays off with increased knowledge in the long run).

It takes only a short while to download one of the many firewall configuration utilities and get iptables to do what you want. I personally like shorewall (I usually run firewalls on low-end hardware and don't want GUI tools) but there are several to choose from. Required knowledge of iptables is practically nil.

Incidentally, I'd recommend Netgear over Linksys anyway <wink>. Well, let me qualify that: most of the Netgear gateway/routers that I've seen lately support dyndns out of the box. Very cool. Other than that, they're probably equivalent.

--
Cliff Wells, Software Engineer
Logiplex Corporation (www.logiplex.net)
(503) 978-6726 x308 (800) 735-0555 x308