[svlug] Firewalls?
Rick Moen
rick at linuxmafia.com
Tue Jan 23 10:33:06 PST 2007
Quoting Skip Evans (skip at bigskypenguin.com):
> I know squat about firewalls, except for minimal experience installing
> Astaro at my last job, but as you know I'm a developer and not a sys
> admin, and work in my own small shop where I wear hats that are
> sometimes too big for my small cranium.
You could start by considering what threats you're worrying about, and
why. Without a threat model, you have little chance of evolving a
sensible policy, and thus little chance of using the right tools in an
appropriate way.
> But anyway, our servers here are always getting hit with script
> kiddies running ssh login attempts, running down the alphabet of
> possible user names, etc. They have no chance to get in but it sure is
> annoying watching the server lights flash and seeing all that traffic
> on our network.
They have no chance to get in. OK, so what specific problem are you
trying to solve, again? And what exactly makes IP/port filtering
("firewalls") an appropriate tool for that?
Maybe the problem you're trying to solve is "I'm really bothered by the
logcheck reports that show all those dictionary attacks." Since you
say there's no chance of them getting in, maybe the right solution is
to better configure logcheck's[1] reporting, to reduce the meaningless
information so you can concentrate on what's significant.
This matter seems to come up frequently, by the way.
> So I started thinking about firewalls and was told that a simple
> Debian box running IP tables might be a solution, but I need to
> educate myself I'm afraid.
A solution to which problem, again?
> So what I'd like to know is what are some good reading materials for a
> newbie to firewalls....
Personally, I say start here; I still like it after all these years, and
there's now a second edition (not yet seen): http://www.wilyhacker.com/
If you're cheap, the first edition's available online for free:
http://www.wilyhacker.com/1e/
There also might be something worthwhile linked from
http://linuxmafia.com/kb/Security/ . (It could happen.)
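The logcheck suggestion above, worked through as an added example (not part of the original post, and not logcheck's own shipped rules). It assumes the usual syslog layout of OpenSSH messages; the rules, host name, user names and log lines are all constructed. Failures against real accounts and successful logins stay in the report.

```shell
#!/bin/sh
# logcheck reads one extended regex per line from files under
# /etc/logcheck/ignore.d.server/ and drops matching lines from its report.
# The two rules below are constructed for this example; in a real rule
# file each line would be written out in full, without shell variables.
PREFIX='^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: '
ADDR='[0-9a-fA-F:.]+'
RULES="${PREFIX}Invalid user [^ ]+ from ${ADDR}( port [0-9]+)?\$
${PREFIX}Failed password for invalid user [^ ]+ from ${ADDR} port [0-9]+ ssh2\$"

# Constructed sample of what a dictionary run plus normal use looks like.
sample_log() {
cat <<'EOF'
Jan 23 10:01:02 www sshd[4121]: Invalid user aaron from 192.0.2.10
Jan 23 10:01:04 www sshd[4121]: Failed password for invalid user aaron from 192.0.2.10 port 40022 ssh2
Jan 23 10:01:09 www sshd[4130]: Failed password for root from 192.0.2.10 port 40031 ssh2
Jan 23 10:02:15 www sshd[4177]: Accepted password for skip from 198.51.100.7 port 51514 ssh2
EOF
}

# Apply the rules the way logcheck does: anything matching an ignore
# pattern is removed, everything else is reported.
filter_report() {
    grep -Ev -e "$RULES"
}

# Guesses at nonexistent user names disappear; the failed root login and
# the accepted login remain.
sample_log | filter_report
```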