[svlug] Firewalls?

Skip Evans skip at bigskypenguin.com
Tue Jan 23 10:51:40 PST 2007

Hey Rick & all,

Okay, so it looks like from what you have below 
that education is the first priority since there 
is no immediate threat, only an annoyance, and I'm 
so green I make Kermit the Frog look... um... less 

I'll get that book on the way!

Thanks much!


Rick Moen wrote:
> Quoting Skip Evans (skip at bigskypenguin.com):
>>I know squat about firewalls, except for minimal experience installing
>>Astaro at my last job, but as you know I'm a developer and not a sys
>>admin, and work in my own small shop where I wear hats that are
>>sometimes too big for my small cranium.
> You could start by considering what threats you're worrying about, and
> why.  Without a threat model, you have little chance of evolving a
> sensible policy, and thus little chance of using the right tools in an
> appropriate way.
>>But anyway, our servers here are always getting hit with script
>>kiddies running ssh login attempts, running down the alphabet of
>>possible user names, etc. They have no chance to get in but it sure is
>>annoying watching the server lights flash and seeing all that traffic
>>on our network.
> They have no chance to get in.  OK, so what specific problem are you
> trying to solve, again?   And what exactly makes IP/port filtering
> ("firewalls") an appropriate tool for that?
> Maybe the problem you're trying to solve is "I'm really bothered by the
> logcheck reports that show all those dictionary attacks."  Since you
> say there's no chance of them getting in, maybe the right solution is 
> to better configure logcheck's[1] reporting, to reduce the meaningless
> information so you can concentrate on what's significant.
> This matter seems to come up frequently, by the way.
>>So I started thinking about firewalls and was told that a simple
>>Debian box running IP tables might be a solution, but I need to
>>educate myself I'm afraid.
> A solution to which problem, again?
>>So what I'd like to know is what are some good reading materials for a
>>newbie to firewalls....
> Personally, I say start here; I still like it after all these years, and
> there's now a second edition (not yet seen):  http://www.wilyhacker.com/
> If you're cheap, the first edition's available online for free:
> http://www.wilyhacker.com/1e/
> There also might be something worthwhile linked from
> http://linuxmafia.com/kb/Security/ .  (It could happen.)

Skip Evans
Big Sky Penguin, LLC
61 W Broadway
Butte, Montana 59701
Check out PHPenguin, a lightweight and
versatile PHP/MySQL development framework.
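
An added illustration of the log-filtering approach suggested in the quoted reply above; it is not part of the original message and is not logcheck itself. The patterns are written in the style of logcheck's one-regex-per-line ignore rules, and the log lines, host name, user names and addresses are constructed. It assumes, as the poster states, that password guessing cannot succeed on these hosts.

```python
import re
from collections import Counter

# Constructed sample syslog lines (host, users and addresses are made up).
SAMPLE_LOG = """\
Jan 23 10:01:02 web1 sshd[2211]: Invalid user aaron from 203.0.113.7
Jan 23 10:01:02 web1 sshd[2211]: Failed password for invalid user aaron from 203.0.113.7 port 40112 ssh2
Jan 23 10:01:05 web1 sshd[2214]: Invalid user abby from 203.0.113.7
Jan 23 10:01:05 web1 sshd[2214]: Failed password for invalid user abby from 203.0.113.7 port 40120 ssh2
Jan 23 10:01:09 web1 sshd[2217]: Failed password for root from 198.51.100.23 port 51514 ssh2
Jan 23 10:14:30 web1 sshd[2301]: Accepted publickey for skip from 192.0.2.10 port 50022 ssh2
Jan 23 10:15:00 web1 su[2310]: FAILED su for root by skip
"""

# Syslog prefix: month, day + time, host, then the sshd tag with its PID.
PREFIX = r"^\w{3} [ :0-9]{11} \S+ sshd\[\d+\]: "

# Dictionary-attack noise: anchored at both ends so nothing else slips through.
NOISE = [
    re.compile(PREFIX + r"Invalid user \S+ from (?P<ip>\S+)$"),
    re.compile(PREFIX + r"Failed password for (?:invalid user )?\S+ "
                        r"from (?P<ip>\S+) port \d+ ssh2$"),
]


def triage(log_text):
    """Return (lines worth reading, suppressed-line count per source address)."""
    keep, suppressed = [], Counter()
    for line in log_text.splitlines():
        for pattern in NOISE:
            m = pattern.match(line)
            if m:
                suppressed[m.group("ip")] += 1
                break
        else:
            # Anything not explicitly recognised as noise stays in the report.
            keep.append(line)
    return keep, suppressed


if __name__ == "__main__":
    report, noise = triage(SAMPLE_LOG)
    print("Lines to review:")
    for line in report:
        print("  " + line)
    print("Suppressed ssh guessing noise (lines per source):")
    for ip, count in noise.most_common():
        print(f"  {ip}: {count}")
```

Only lines matching a known noise pattern are dropped, so the successful login and the failed `su` still reach the report, and the per-source counts preserve the volume of the guessing traffic.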
