Ubuntu Security :: Outbound Firewall Protection (permissive Vs. Restrictive) - What's Setup?
Dec 18, 2010
Using Windows, I always set a Restrictive firewall policy with a third party firewall. But I also had all ports set to Stealth, something that appears to not offer any security benefits (as I've learned from reading Ubuntu forums). I'd like to learn about best security practices (under Ubuntu) for outgoing firewall protection. I will be using the built-in Ubuntu firewall that is configured via Firestarter. Outgoing filtering offers privacy as well as security benefits. But I thought I needed my ports stealthed to be safe too, so I'm open to learning new things.
I wanted to start a poll to find out how many folks use permissive/restrictive, but no polls allowed here apparently.Could Ubuntu users knowledgeable about firewalls enlighten me on whether I should go Outbound-Restrictive and what applications I will need to allow so Ubuntu "housekeeping" is not affected negatively? I basically just use the internet for software updates, web-surfing and e-mail. One question I have is whether there is something comparable in Ubuntu to Window's "DNS Client" service? I always disabled Window's "DNS Client" and forced each application to request port 53 DNS lookups itself.I only had to allow four programs to accomplish all internet traffic that I engage in. I set all other programs/applications to be either Blocked or to have to Ask for an outgoing connection as needed.Here is my former Windows XP setup:
svchost.exe: allow UDP for ports 53, 67, 68, 123 (time) and TCP for ports 80, 443
Avast: allow UDP for port 53 and TCP for port 80
firefox: allow UDP for port 53 and TCP for ports 80, 443
IE: allow UDP for port 53 and TCP for ports 80, 443
View 9 Replies
ADVERTISEMENT
Jan 17, 2010
I am currently trying to make my computer as secure as it can possibly be. I am configuring the firewall to be restrictive by default, but I have some programs that are still unable to connect to the internet.
1. Pidgin Internet Messenger (I use AIM and MSN)
2. Skype
View 3 Replies
View Related
Jul 23, 2011
What should I do to keep important files on my computer from being uploaded to the internet? Don't I need an outbound firewall to prevent this?
What causes my computer to send an outbound request to the internet that would result in files being uploaded from my computer onto the internet? I'm afraid to put anything of importance (like reports that I've written for work) onto a computer with internet access because I don't want them to be uploaded to the internet. I wouldn't upload them on purpose obviously, but I'm afraid it would happen without my knowledge because I don't know what I'm doing.
View 4 Replies
View Related
Oct 3, 2010
I've recently installed Ubuntu 10 on my laptop and I'm not sure whether it's safe or not. My question is do I need any antyvirus or firewall to protect my pc against virus, spyware etc.?
View 9 Replies
View Related
Feb 23, 2011
I tried installing F-prot's linux scanner but it doesn't seem to want to install and I am tired of messing with it.
So I am wondering if I even need it or if there is something else.
I am behind a firewall already with my router if that helps any.
I guess I am having trouble understanding why virus protection is less necessary.
Do people not write viruses for linux systems?
View 7 Replies
View Related
Aug 10, 2010
here's my delema, there is a server on a network protected by a overly restrictive firewall. I can't connect to the server.
I was thinking, does a program exist where the server would connect to another server outside the firewall, then wait for commands? This way there is no port forwarding required. The only program I know that does this is LogMeIn. If you check the logs it does use SSH, and thats even when I blocked the port. Since LogMeIn isn't what I was looking for (Windows Only, full screen capture instead of command line), does an alternative exist?
View 1 Replies
View Related
Jun 21, 2011
I am a Linux newbie so please bear with me if I sound stupid. I was checking out how to set up a firewall for my system and landed on this webpage: [URL]. But I am so confused with how this ufw application works. What I understand is that once I set it to "default deny" it prevents unauthorized incoming connection but what does it mean when the author says to add exceptions for services I need? When do I need to do that? Also what's an SSH server?
View 2 Replies
View Related
Aug 24, 2010
I wish to prevent some programs from "phoning home", and to allow other programs to access only specific web servers.Is there any way to interactively allow or decline outbound communication from individual programs on Ubuntu?
View 4 Replies
View Related
Jul 22, 2009
Up until recently, as in a few days ago, I was using Ubuntu and had ufw managing the firewall.It's been "recommended" that iptables itself be used. Where do I do the rules go (as in a file) and how do I call those rules at startup?
View 6 Replies
View Related
Jan 3, 2011
I got Shorewall firewall all Set-up perfect but I'm stuck at 1 last bit. The aim is to let on 2 clients max onto my server. I have the policy setup in webmin as.
Uploaded with ImageShack.us
More than 2 clients can get onto the server. The aim is to have it as a ddos protection allowing 100 clients on and a max burst of 10 clients at a time.
View 3 Replies
View Related
Mar 9, 2011
I am trying to setup a firewall using Centos 5.5. The machine has 2 NICs, one connecting to the ISP/Modem and the other connected to a DIR-655 wireless router. The nic is connecting to the internet port on the router.
I do not want DHCP on the Firewall machine but on the wireless router.
[ISP/Modem]<--->[machine eth0]<--->[machine eht1]<--->[DIR-655 internet port]
IP from ISP Dynamic 192.168.1.1 192.168.1.2
IP's on the DIR-655 LAN will be 124.168.0.0/24 network lets say.
I have setup routes on the eth0 192.168.0.0/24 and 124.168.0.0/24
and added 124.168.0.0/24 to eth1.
I can ping eth0 and eth1 but cannot ping 192.168.1.2.
this setup is not actually connected to the internet so I disabled iptables to try testing the ping and still no good.
View 1 Replies
View Related
Jan 17, 2011
I have problem on VPS running opensuse. When I enable firewall outbound connections stop working. I have tried everything I know (not much when it comes to firewall (iptables)) but could not solve this.
Here is my ifconfig:
Code:
I used xxx.xxx.xxx.xxx to hide real address.
View 2 Replies
View Related
Jan 3, 2011
I currently want to set up a network with 2 Ubuntu servers (mail and web) in a DMZ in order to separate them from an internal network. I want to use a dedicated Linux firewall. This firewall will have 3 network interfaces on it. One network interface will connect to the external router/modem (router and modem in one box), one interface will connect to the DMZ and the other interface will connect to the internal network. The router/modem lets you put, I think it's 1 or 2, interfaces in a DMZ.
But, when I think of any of the dedicated firewall's or servers' interfaces it doesn't make sense to me to put any of them in the router/modem's DMZ (I think it would be better for the dedicated firewall's and the servers' interfaces to have static private I.Ps ie 192.168.2.4 etc right?). What I mean is that even if, as far as the router/modem is concerned, none of the interfaces were in a DMZ, the area where the servers are would still effectively be a perimeter network and with such a set up would still be, effectively,a DMZ, right?
View 7 Replies
View Related
Jun 2, 2011
I'm having an issue where a server in CA (1000/full) and in VA (100/full) have very lopsided data transfer.
CA -> VA with iperf shows ~20Mbps
VA -> CA with iperf shows ~93Mbps
If we change the CA server to 100/FULL, transfer speed is 93Mbps both ways.
Some tuning was done to TCP window scaling parameters, but it won't correct the issue, just improve the CA -> VA numbers to what is listed above. I will say, turning TCP window scaling OFF will lower the transfer speed both ways to < 20Mbps.
The only clue I have when looking at wireshark dumps is that the window scale going OUT would never go past 10240 (scale is 8, so 2^8 x 40bytes). In the opposite direction, the window size will go above 3MB (scaled).
It is not a bandwidth problem as iperf with UDP shows 93Mbps both ways. Local transfers (CA 1000/full to CA 100/full) show full speed both ways, so I feel it is strictly related to TCP window scaling.
RedHat 5 64-bit on both sides. Any ideas why it won't scale above 10240?
View 7 Replies
View Related
Mar 15, 2010
This is the current setup that we have: We have approx 20 clients who pay us to send out a type of e-mail called an E-Blast to their customers. We currently are using 5 Microsoft Windows Virtual Servers to do this. The problem is that those machines are starting to break down. There are times that it will take Microsoft Windows approx 9-10 hours to complete 1 job. This is way too long. We want to move away from Microsoft Windows for this particular type of job as it seems there are more customers who are wanting to use this type of advertising.
It seems that using a Linux Server "Command Line or Shell" environment would be the best way to go as there is no GUI like Windows. Since there is just text...that is something that would/should process very, very quickly.
I am in the process of setting up a new SMTP outbound mail server. This is the current software & configuration (what is installed on this new machine):
All of the customer data (Names, E-Mail Addresses, etc that these e-mails are going to) are currently loaded in a Microsoft SQL Database.
My machine that I am using is plugged into the DMZ. I have 1 ip address for the 1 network card. I have also added/bound 4 more ip addresses to that network card.
I have configured Postfix for Multiple IP Addresses.
I can, from the command line, send successful test e-mails and receive them in my personal account.
As far as I know everything is setup correctly. I can and will post requested information so that it can be verified that everything is setup correctly.
Here are a couple of my questions:
Ensure that I have my Network / Interfaces file and my Postfix's Master.cf/Main.cf files setup correctly?
How can I setup this server to be an Outbound SMTP server and get it to use all 5 of the IP Addresses to send these e-mails quickly?
What can I use to check and ensure that this server is in fact sending out emails on all 5 IP
Addresses (I heard that there is a program named "Postal" that may help in determing this).
View 3 Replies
View Related
May 18, 2010
I am learning to setup firewall in my home for that i have selected four system(sys1,sys2....sys4) for testing .I have configured sys2 to act as a firewall with two NIC. sys3 and sys4 are inside the firewall . sys1 is not connected to firewall for testing purpose.
the IP assignments are follows :
sys1 : ( fedora, not connected to firewall i am thinking, But i am not sure )
IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank
sys2 firewall ,IPTABLES )
code....
what happened is that sys1(not connected to firewall) can ssh to sys4(connected,inside firewall),since the rules are written not to ssh form sys1 to sys4..
then I came to know whatever the request I give, It directly goes as sys1 --> sys4. Not as sys1-----> sys2(firewall)---> sys4 .and the firewall is not filtering and processing anything for both inbound and outbound (i think it's my mistake some where). the requests are directly going inside without firewall.
View 3 Replies
View Related
Apr 15, 2011
I understand the difference between Reject vs Drop for incoming traffic, but are there any differences between reject and drop for Outbound Traffic? Are there reasons to pick one over the other or are they functionally identical when talking about Outbound traffic?
View 6 Replies
View Related
May 25, 2011
Tried google and searching this forum to no avail. Under Fedora 14, there is an selinux policy which blocks sshd from making outbound connections on port 80 or 443. This can occur when a client box tries to tunnel through the ssh connection for encrypted access to the web.
While I did manage to allow this happen by creating a permissive domain for sshd with this command:
Code:
The preferred way would be to allow sshd to make connection on other ports with a similar command that does not seem to work:
Code:
Is this the correct way of allowing an outbound port connection for the sshd daemon?
View 2 Replies
View Related
Jan 22, 2010
I installed TrueCrype 6.3a on my 8.1 Ubuntu. Everything went fine until I got to the part where I need to protect my hidden volume from damaged caused by writing to the outer volume (these instructions: [url] ). I can't find the checkbox to "Protect hidden volume from damaged caused by writing to outer volume". The closest thing I can find is an option to "Protect hidden volume when mounting outer volume". Intuitively these don't sound the same to me. There are 2 difference between my setup and the instructions; 1) the instructions appear to be written for Windows and not Linux. 2) I am using a file volume and not a partition volume.
Does anyone know where the option is to protect the hidden volume when writing to the outer volume?
View 2 Replies
View Related
May 15, 2011
When surfing the net do you need virus protection? And if so what do you recommend?
View 9 Replies
View Related
Jul 2, 2011
is there a way to make a password key-ring for a list of specifications, specifically; all the applications relating to preferences. I'm running Ubuntu 11.04, I'm the only user, I disabled all login password requirements because they were annoying me and I'm cool with anybody using any of my applications as long as they aren't capable of changing my system in any way. Some of the applications I would like to be on the list include the terminal, the network connections preferences, the keyboard preferences. I wan't to be prompted for a password before opening these programs
View 4 Replies
View Related
May 9, 2011
Can we use iptables as firewall instead of Juniper firewall
View 2 Replies
View Related
Feb 24, 2011
I work in a relatively small organisation of about 30 people (but with a complex network) and we've been looking to move our firewall to Microsoft's Threat Protection Manager on a mostly Windows network. I've been thinking we should have an IDS/IPS inside the firewall and I've been thinking about Snort in NIDS mode but have some basic questions:
1. Can anyone recommend a good web GUI for Snort?
2. Is it advisable to run both on the same machine? (Both from a POV of security and resources.)
3. Would Snort add any real benifit to using TPM?
View 2 Replies
View Related
May 6, 2010
So I forgot how to do something in Compiz and I quickly Googled it to find the answer. On the first or second link I clicked, a pop-up box opened from Firefox saying that I should scan my computer. Immediately, I pressed the X button, but a page started to load that tried to "scan" my computer. I closed out Firefox and re-opened it. I did the exact same search again on Google, but I clicked on the cached view of the site. It was harmless enough--a blog with some ads on the side of the page. I'm assuming that it was one of the ads that somehow must have taken over the page.
Anyway, I know that the discussion of anti-virus programs is not anything new, but I would like to know if this virus may have affected Ubuntu. What would you guys recommend in this case?Also, after running the update manager, I received a pop-up box asking if I would like to update Grub. Is this a normal part of the update, or could it be a virus? I'm a bit paranoid, being from the land of Windows.
View 6 Replies
View Related
Aug 26, 2009
I have been trying to find a virus protection software that will integrate with my kernel 2.6.16.60-0.42.4. I tried Linuxshield, but the version of kernel I have is too new. I spent two days trying to make it work, but it gives me an error continually, no matter what I do when I try to install it. If there is anyone on the same kernel version that has had success with a virus protection software.
View 11 Replies
View Related
Jan 7, 2011
I don't know if this is Just my Machine, or not. But here is it:
Ubuntu 10.01
Acer Aspire 7740
When the computer is locked. I can smiply go to switch users. when the list of users logins are shown all i have to do is click on my user name and it allows me into my account without typing in a password. I can lock the computer manually or wait for it to time out it doesn't matter. the switch users method allows me to bypass the password protection.
View 3 Replies
View Related
Aug 11, 2010
I am using ubuntu 10.04 on an iMac 7.1. What do the following log entries mean? I recently had a "sbin/init infected" alarm with chkrootkit (or rkhunter, I forget which) and reinstalled, and I thought I was rid of the problem, whatever it was (could have been a kernel panic), but now the checksecurity setuid stuff reappeared (the checksecurity.log only appears in the log file viewer after resetting it with gconftool-2 --recursive-unset /apps/gnome-system-log, which seems suspicious; why is the log hidden by default?); also there are "outbound" messages that I don't understand. I have another ubuntu install on another Mac which seems to be unaffected (and also has checksecurity installed; I just ran it manually and also got setuid stuff, but there is no "outbound" and ufw.log is empty). I can't really think I have a rootkit (I don't notice any effects except these anomalous logfiles, and my browsing habits don't include sleazy websites). And what exactly are bound sockets? There is a lot of information about sockets on the net but it's all rather technical. I continue to look of course. I ran chkrootkit and rkhunter again, and they read clean (if I can trust them).
Is it possible that the trouble is related to the Mac's BIOS emulation? (Apple does not seem to take security very seriously; Snow Leopard does not even ask for a password for Software Update - I asked my premium reseller and he confirmed it. I should not be surprised to find out that the iMac's BIOS emulation is unsafe. I'll need to get a real computer). The MacBook Pro 5.1 has a newer firmware (for instance, it will boot ubuntu from external disks which the iMac will not), and as I said that install seems to be unaffected (The setuid stuff is probably normal, but I'm not sure the "outbound" messages are). I use grub legacy, which seems to install to the Mac's EFI partition as /dev/sda (GParted shows 18.1 MB of 200MB used on both computers with ubuntu on them, whereas an HFS+ disk without ubuntu, or with GRUB in a partition, will show 3.09 MB used).
Does it make sense to reconfigure checksecurity to check for setuid changes daily (change CHECK_WEEKLY="SETUID" in /etc/checksecurity.conf to CHECK_DAILY="SETUID")?
checksecurity.log:
messages (part):
There also was a lot of terminal output similar to the iMac's which I forgot to save, and when I ran checksecurity again it was blank. (Incidentally, the list of setuid programs on Mac OS is a lot longer)
View 3 Replies
View Related
Sep 23, 2010
I have a Suse11 box with 2 network cards:
I have squid as a proxy on the Suse box, and with the default firewall I have to enable masquerading to allow clients on the eth3:1-3 to send and receive mail through the Suse box. I found the Suse firewall completely inadequate (all P2P software/connections are allowed once you enable masquerading) and had to install ConfigServer Security & Firewall. In die configuration of csf I could get my way around getting smtp to work for the eth3:1-3 clients, but pop3 connections does not go through the box. I know I need to allow port 110 and 995 to masquerade of NAT (or something) and then the same for port 22
View 2 Replies
View Related
Feb 9, 2010
I want to setup a router with firewall on ubuntu box that will connect windows pcs one serving as outside source and one serving as inside target.
View 2 Replies
View Related
Aug 3, 2011
I run ubuntu on home pc and am very happy with it. I use internet to surf and to see my email on gmail.com etc. What commands should I give to setup ufw firewall so that only this much is allowed? Also, where can I see if some other connections have been blocked?
View 9 Replies
View Related
