
What Linux tools and security??


Comments

  • tweeter
    tweeter Posts: 3,958 Forumite
    Part of the Furniture
    edited 6 July 2010 at 11:24AM
    Thanks for everyone's helpful replies, but as an Ubuntu Linux newbie I'm a bit perplexed now after reading JustPassingBy's comments.
    Peel back your baby's eyelid to find no nationality or religious identity mark there. Peer at your baby's eyes for them to reflect back just people-throw away your flags and religious symbols...



  • Mr_Oink
    Mr_Oink Posts: 1,012 Forumite
    tweeter wrote: »
    Thanks for everyone's helpful replies, but as an Ubuntu Linux newbie I'm a bit perplexed now after reading JustPassingBy's comments.

    It's commonly known as 'Linux Trolling' and best ignored - and it fails to offer any 'best advice'. Personally, for your situation I'd install a simple GUI 'firewall' like Firestarter if you are looking for something 'Windowsish'. I don't think we really need to trudge the detail of what it does, and how it works in relation to the Linux kernel and modules therein - it is sufficient to say it will do what you want in a way reasonably familiar to Windows migrants ;-)

    You can install it using the desktop 'system > administration > synaptic package manager' then find 'firestarter'.

    Alternatively open up a terminal prompt and type:
    sudo apt-get install firestarter
    
    After installation you should find it in applications > internet.

    The discussion as to if you need it at all -v- Linux overall security is best left to the trolls of the world and probably beyond the level you need to be concerning yourself with at this time as a newcomer. However, the installation of something like Firestarter to manipulate the underlying netfilter/iptables is hardly likely to reduce security! :rotfl:

    Suffice to say that belt and braces is usually better than belt or braces alone :)
  • tweeter
    tweeter Posts: 3,958 Forumite
    Part of the Furniture
    I took your advice the other day Mr Oink and installed Firestarter. Many thanks for the bigger picture.



  • Mr_Oink
    Mr_Oink Posts: 1,012 Forumite
    tweeter wrote: »
    I took your advice the other day Mr Oink and installed Firestarter. Many thanks for the bigger picture.
    The important thing is Tweeter - don't let it intimidate you, it's just an operating system (and rather a nice one at that once you learn the warts). In particular don't be put off by the ranty trolls that pop up when 'Linux' appears in a post. There is a degree of 'Linux snobbery' with some folk trying to point score in pedantic fashion. Just treat it like any other computer and get it set up to do what you want - the operating system is really rather secondary to that :-)
  • fwor
    fwor Posts: 6,942 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    tweeter wrote: »
    I'm a bit perplexed now after reading JustPassingBy's comments.

    That's because a fundamental part of what JustPassingBy says is just plain wrong.

    Brian - here's a test for you: take a fresh Ubuntu installation and add gufw directly from the standard repositories. Start gufw and what does it tell you? That the firewall is not enabled.

    That's right. The kernel comes with the iptables/netfilter modules built-in, and it has an almost trivial default rule set in place (allow all outgoing, deny all incoming), but by default the firewall function is turned off.

    I know this for a fact, because when I install my MythTV server, every other PC on my local network can see it without me having to change anything.

    In seven posts, JustPassingBy got almost nothing right (well actually IMO the last one was correct, but the rest were just a waste of time).
  • Mr_Oink
    Mr_Oink Posts: 1,012 Forumite
    Just installed a fresh 10.4 to look at it (curiosity and all that) and from a fresh install there are no iptables rules - in effect the machine is 'open' and has services 'listening' on ports 631 (tcp), 68 (udp), 5353 (udp) and 42626 (udp).

    631 is the CUPS printing service; a serious hole was found and patched in this within the last couple of weeks - so it's fair to say that, by default, Ubuntu 10.4 is not especially secure and the inclusion of a firewall (or tool to manipulate the built-in kernel firewall features, for the pedantic) can only improve security of the system. The statement is fair and accurate.

    It would appear that in his drive-by multi-post trolling, JustPassingBy has missed that simple - but important - fact :T
    Keep up the good work :rotfl:
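
Added example, not part of any post in this thread: a way to check which listeners on a machine are reachable from the network and which are bound to loopback only, by classifying `ss -lntu` output. The function names and the sample output are constructed for illustration (the sample is not captured from a real install).

```shell
#!/bin/sh
# Classify listening sockets from `ss -lntu` output read on stdin.
# Output per socket: <exposure> <proto> <port> <bind-address>
#   loopback = bound to 127.0.0.0/8 or ::1, only local processes can connect
#   network  = bound to a wildcard or interface address, so a host firewall
#              or an upstream router decides who can reach it
classify_listeners() {
    awk '
    $1 != "tcp" && $1 != "udp" { next }   # skip header line and other socket types
    {
        addr = $5                          # "Local Address:Port" column
        n = split(addr, parts, ":")
        port = parts[n]                    # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        gsub(/[][]/, "", host)             # strip IPv6 brackets: [::1] -> ::1
        sub(/%.*/, "", host)               # strip interface scope: 127.0.0.53%lo
        exposure = (host ~ /^127\./ || host == "::1") ? "loopback" : "network"
        print exposure, $1, port, host
    }'
}

# Constructed sample in the layout `ss -lntu` prints.
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0            0.0.0.0:68         0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      5          127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      5              [::1]:631           [::]:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
EOF
}

# Only the sockets a firewall rule would actually matter for.
network_listeners() {
    classify_listeners | awk '$1 == "network"'
}

# Demo on the constructed sample; on a real machine use:
#   ss -lntu | classify_listeners
sample_ss_output | classify_listeners
```

A listener reported as `loopback` is not reachable from other machines regardless of firewall state; the `network` rows are the ones to compare against the firewall rule set.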
  • tronator
    tronator Posts: 2,859 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    If you're behind a NAT router you DON'T need firewall rules set up because nobody will be able to access anything on your computer from outside your LAN. Secondly, by default there are NO services running which listen on any port. If you install a service like ssh, then you want to access it. So what's the point of having a firewall enabled if you need to open this port anyway?

    As I said, everything above only applies if you're behind a NAT router. If it makes you feel better, install Firestarter, but it makes NO difference...
  • tweeter
    tweeter Posts: 3,958 Forumite
    Part of the Furniture
    edited 6 July 2010 at 1:33PM
    I'm afraid I don't know what a NAT router is but the one I have is a ZyXEL P-660R-61C ADSL 2+ Router over POTS. Cheers.



  • Mr_Oink
    Mr_Oink Posts: 1,012 Forumite
    tronator wrote: »
    If you're behind a NAT router you DON'T need firewall rules set up because nobody will be able to access anything on your computer from outside your LAN.
    Unless you put the machine into a DMZ....
    tronator wrote: »
    by default there are NO services running which listen on any port
    Incorrect - by default Ubuntu 10.4 has CUPS listening on 631. This was patched recently for a gaping big security hole. There are a couple of other trivial UDP ports responding too - as detailed above.
  • fwor
    fwor Posts: 6,942 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    edited 6 July 2010 at 1:46PM
    tronator wrote: »
    If you're behind a NAT router you DON'T need firewall rules set up because nobody will be able to access anything on your computer from outside your LAN. Secondly, by default there are NO services running which listen on any port. If you install a service like ssh, then you want to access it. So what's the point of having a firewall enabled if you need to open this port anyway?

    As I said, everything above only applies if you're behind a NAT router. If it makes you feel better, install Firestarter, but it makes NO difference...

    tronator - while I agree with the spirit of what you say, as Mr_Oink says, by default there is at least one service listening (CUPS on port 631), and you don't have to do much in terms of installing software to add others, which an average user probably won't even be aware of.

    Turning on the firewall can also be worthwhile if you have "sacrificial" PCs on your network, to play with things that perhaps you shouldn't - if one of those gets something nasty there is much less chance of it being used to attack the rest of your local network.

    Having said that, I've become complacent and currently don't use s/w firewalls on any of my Linux-based boxes...

    tweeter: Your router will support NAT (Network Address Translation). If it receives unsolicited traffic on any external port that does not explicitly map to a PC on your internal network, it will just drop or reject it. Hence in default configuration it will drop or reject anything unsolicited.
This discussion has been closed.