chocobanana (Author) Posted January 6, 2005

Greetings

I've been reading some posts about security and firewalls and I'm still not sure if I'm properly secure.

I have the firewall activated in mcc (in Mandrake v10.1oe), but I tried the "shields up" test and it said I'm completely vulnerable (it also says it's a Windows machine, but I guess it must be just having Windows users in mind).

Can someone give advice?

Thanks

bvc Posted January 6, 2005

The shields up test (and others) doesn't test you... your firewall stops it.

Secure? Well, any OS, properly administered, can be secure... even Windows.

chocobanana (Author) Posted January 6, 2005

Hi

Sorry, but I didn't get it well. How does that answer my question?

As you've probably already noticed, I'm a newbie to Linux.

Thanks

ChrisM Posted January 6, 2005

I have a Netgear router/firewall - the following should prove useful if you want an idea of how secure you are. This is taken from one of the support pages.

Here are three programs to test if your router or computer's ports are secure. The first gives the simplest "good / bad" results.

Symantec Security Check (Once on the page, click Start under "Security Scan".)
Gibson Research Corporation (On the page, scroll down, and click ShieldsUP!)
Sygate Online Services (On the page, click Scan Now.)

Since these programs are concerned with any possible threat, they may report things that are in practice usually safe. For example, although the Sygate and Gibson sites note ports that are not "stealthy", in practice ports that are "just" closed are usually quite secure.

Edited January 6, 2005 by ChrisM

linux_learner Posted January 7, 2005

This isn't a question of Mandrake security, as Mandrake is Linux. There are a number of things that can be done to tighten security. A good rule of thumb is: turn off any services you don't need. I did write a "linux security overview" in the FAQ section of this site. Give that a look and you'll understand a lot more. Linux isn't like Windows. To go into more detail, I might as well write a thesis. The security overview will give you some good information though. How deep you want to go is up to you.

linux_learner Posted January 7, 2005

> I have a Netgear router/firewall - the following should prove useful if you want an idea of how secure you are. This is taken from one of the support pages.
>
> Here are three programs to test if your router or computer's ports are secure. The first gives the simplest "good / bad" results.
>
> Symantec Security Check (Once on the page, click Start under "Security Scan".)
> Gibson Research Corporation (On the page, scroll down, and click ShieldsUP!)
> Sygate Online Services (On the page, click Scan Now.)
>
> Since these programs are concerned with any possible threat, they may report things that are in practice usually safe. For example, although the Sygate and Gibson sites note ports that are not "stealthy", in practice ports that are "just" closed are usually quite secure.

The Symantec site only scans Windows (makes sense, ya know). The other two are good though.

Here is one that may freak you out a bit.

http://browsercheck.qualys.com/index.php

If you wish to attempt the tests, like a cookie test, then you'll need to change your user agent to IE 6 on WinXP.

Here are the results of mine with my UA set to IE 6:

Browser Info:
Type: Microsoft Internet Explorer
Version: IE6
Browser Language: undefined
Cookies: true
Java: true

JavaScript and Engine Info:
JavaScript Version: 1.3
Script Engines Version: IE 4/5/6
Script Engines:

Browser History:
Sites visited in this window: 10

System Overview:
Platform: Win32
OS: WinXP
CPU Class: undefined
IP Address: *********
Host Name: *********
System Language: undefined
User Language: undefined
System Time: Thu Jan 06 2005 17:19:13 GMT-0700 (MST)

Display Settings:
Resolution: 1024X768
Max Window Size: 966X722
Color Depth: 16 bit

I edited out the IP address. The results are similar under Linux. It just can't hack Linux.

arthur Posted January 7, 2005

An improperly secured Linux can be just as insecure as (or even less secure than) Windows. It all depends on your knowledge of your system. Linux can be as secure or insecure as you want it to be. However, in Windows you have no choice in the matter.

Shields UP!! (www.grc.com) fails you in the test if:

a) you have an open port (really bad)
b) you have a closed port (not really bad... but it's better to filter it)

You only pass the test if you've got ALL ports filtered. IMO, that's a bit strict and useless. If you have port 113 unfiltered (which happens often and is completely safe) you still fail the test.

> here is one that may freak you out a bit.
>
> http://browsercheck.qualys.com/index.php
>
> if you wish to attempt the tests, like a cookie test, then you'll need to change your user agent to IE 6 on winXP.
>
> heres the results of mine with my UA set to IE 6:

Er, that's just from the GET requests crafted by the browser, NOT from any covert scanning done by the server - it means you (your browser) sent that info. Sure, they give a lot of information, like screen res and all, but servers NEED such info to display webpages properly... but the OS and the like isn't needed... you can probably disable these in Firefox, I'll look into it.

Edited January 7, 2005 by arthur

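
The open / closed / filtered distinction from the post above, as an added example that is not part of the original thread. It classifies a TCP connect attempt against a host you administer and compares the all-or-nothing pass rule the post attributes to ShieldsUP with a check for ports that actually accept connections. The function names and the sample result are assumptions made for illustration.

```python
import errno
import socket

def classify(exc):
    """Map the outcome of a TCP connect() to a port state.

    None (handshake completed)         -> open
    ConnectionRefusedError (RST back)  -> closed
    timeout or ICMP host-unreachable   -> filtered ("stealth" on scan sites)
    """
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "closed"
    if isinstance(exc, socket.timeout):
        return "filtered"
    if isinstance(exc, OSError) and exc.errno == errno.EHOSTUNREACH:
        return "filtered"
    raise exc  # anything else is a local error, not a port state

def probe(host, port, timeout=2.0):
    """Try one TCP connection to your own host and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        sock.close()

def strict_pass(states):
    """Pass only if every port is filtered (the rule described in the post)."""
    return all(state == "filtered" for state in states.values())

def exposed_ports(states):
    """Ports with a service answering: the ones that matter in practice."""
    return sorted(port for port, state in states.items() if state == "open")

# Constructed sample: everything dropped except ident (113), which is closed.
SAMPLE = {22: "filtered", 80: "filtered", 113: "closed", 445: "filtered"}

if __name__ == "__main__":
    print("strict pass:", strict_pass(SAMPLE), "exposed:", exposed_ports(SAMPLE))
```

To learn anything about the firewall, `probe` has to be run from a machine on the other side of it.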
linux_learner Posted January 7, 2005

> er, that's just from the GET requests crafted by the browser, NOT from any covert scanning done by the server - it means you (your browser) sent that info. Sure, they give a lot of information, like screen res and all, but servers NEED such info to display webpages properly...but the OS and the like isn't needed...you can probably disable these in Firefox, i'll look into it.

Yeah, I know, but it's still freaky that your browser gives that much out.

bvc Posted January 7, 2005

> the symatec site only scans windows (makes sense ya know). the other two are good though.

No, they are not.

SU is only certain you check your PC if run from in Windows, and doesn't do a thing with my Linux installs.

Sygate: It even tells you when the scan starts <your IP addy> and that if you have a router and/or firewall it may not be yours. When it checks for services, do you think it's looking for Linux services? It's useless. It finds the info you posted above, but so what. Any site you visit can get that.

You have to run w/o a router, otherwise your router either isn't doing its job or you're not really using it, so why have it? Do you think all crackers will only be looking for Windows services? The scans are useless.

aru Posted January 7, 2005

IMHO these are the best steps to follow in order to make really useful security tests:

1. learn how to set up your firewall and do it (and of course read Linux security manuals too)
2. ask a friend of yours with Linux to scan your own IP(1) with nmap
3. interpret the results
4. if you are satisfied break; else goto 1

You can skip steps 2-4 if you are confident with yourself and have a great ego (like me! :P )

(1) You can't get information about your firewall by scanning your own computer from inside, as is obvious.

HTH

Edited January 7, 2005 by aru

devries Posted January 7, 2005

Doesn't a firewall give a false sense of security? It is better to know what is running on your PC than to trust a firewall (which, btw, is a nuisance when you install a program that doesn't use the default ports). I think you would be safer off with netstat and ps than with a firewall.

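
One way to see what the post above means by knowing what is listening, as an added example that is not part of the original thread. It reads the kernel table behind `netstat -tln` (`/proc/net/tcp`, IPv4 only) and separates loopback-only listeners from network-facing ones; the sample table is constructed, the function names are assumptions, and the address decoding assumes a little-endian host.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real machine).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1
   3: 0A00A8C0:0016 0101A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 44444 1
"""

LISTEN = "0A"  # kernel state code for a listening TCP socket

def decode_addr(field):
    """'0100007F:0277' -> ('127.0.0.1', 631); hex IP is a native-endian u32."""
    hexip, hexport = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hexip, 16)))
    return ip, int(hexport, 16)

def listeners(table):
    """Return (ip, port, uid) for every socket in LISTEN state."""
    found = []
    for line in table.splitlines()[1:]:      # first line is the column header
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue                         # skip established and other states
        ip, port = decode_addr(fields[1])
        found.append((ip, port, int(fields[7])))
    return found

def network_facing(table):
    """Listeners not bound to loopback: services to remove or to firewall."""
    return sorted((ip, port) for ip, port, _ in listeners(table)
                  if not ip.startswith("127."))

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:    # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE                       # fall back to the constructed sample
    for ip, port, uid in listeners(table):
        scope = "local only" if ip.startswith("127.") else "network-facing"
        print(f"{ip}:{port} uid={uid} {scope}")
```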
aru Posted January 7, 2005

> Doesn't a firewall give a false sense of security? It is better to know what is running on your PC than to trust a firewall (which btw is a nuisance when you install a program that uses not the default ports.). I think you would be safer of with netstat and ps than with a firewall.

Devries, I understand that as obvious, but it is always good to point it out. The Golden Rule of my security is: close what you won't need (that's your point, and by close I don't mean close ports, but remove useless services) and close to the others what you need but don't want to be accessed from outside (which is what a firewall is meant to do). :D

Edited January 7, 2005 by aru

Rainer Posted January 7, 2005

AFAIK, by default Shorewall drops all unsolicited incoming connections and allows all outbound connections - if you've got the firewall on, and haven't explicitly allowed incoming connections to any ports then you should be ok - in addition it is always a good idea to disable any un-needed services and keep your system updated ;)

Edited January 7, 2005 by Rainer

chocobanana (Author) Posted January 7, 2005

OK guys and girls, I think I got some interesting answers. But definitely, one should take a deeper look at some kind of Linux security guide to become enlightened on this aspect.

Thanks, and be my guests to continue replying to this post, as other users are probably also finding this topic useful! :D

ChrisM Posted January 7, 2005

> the symatec site only scans windows (makes sense ya know). the other two are good though.

I'd not run any of the scans for months now (since I first got the router/firewall), so I did not realise/had forgotten at the time of this posting that this was a winblows only scan - doh! :P

Seems though that scans provide a false sense of security.