skip at bigskypenguin.com
Tue Jan 23 10:51:40 PST 2007
Hey Rick & all,
Okay, so it looks like from what you have below
that education is the first priority since there
is no immediate threat, only an annoyance, and I'm
so green I make Kermit the Frog look... um... less
I'll get that book on the way!
Rick Moen wrote:
> Quoting Skip Evans (skip at bigskypenguin.com):
>>I know squat about firewalls, except for minimal experience installing
>>Astaro at my last job, but as you know I'm a developer and not a sys
>>admin, and work in my own small shop where I wear hats that are
>>sometimes too big for my small cranium.
> You could start by considering what threats you're worrying about, and
> why. Without a threat model, you have little chance of evolving a
> sensible policy, and thus little chance of using the right tools in an
> appropriate way.
>>But anyway, our servers here are always getting hit with script
>>kiddies running ssh login attempts, running down the alphabet of
>>possible user names, etc. They have no chance to get in but it sure is
>>annoying watching the server lights flash and seeing all that traffic
>>on our network.
> They have no chance to get in. OK, so what specific problem are you
> trying to solve, again? And what exactly makes IP/port filtering
> ("firewalls") an appropriate tool for that?
> Maybe the problem you're trying to solve is "I'm really bothered by the
> logcheck reports that show all those dictionary attacks." Since you
> say there's no chance of them getting in, maybe the right solution is
> to better configure logcheck's reporting, to reduce the meaningless
> information so you can concentrate on what's significant.
> This matter seems to come up frequently, by the way.
>>So I started thinking about firewalls and was told that a simple
>>Debian box running IP tables might be a solution, but I need to
>>educate myself I'm afraid.
> A solution to which problem, again?
>>So what I'd like to know is what are some good reading materials for a
>>newbie to firewalls....
> Personally, I say start here; I still like it after all these years, and
> there's now a second edition (not yet seen): http://www.wilyhacker.com/
> If you're cheap, the first edition's available online for free:
> There also might be something worthwhile linked from
> http://linuxmafia.com/kb/Security/ . (It could happen.)
Big Sky Penguin, LLC
61 W Broadway
Butte, Montana 59701
Check out PHPenguin, a lightweight and
versatile PHP/MySQL development framework.