Re: basic firewall question
Quoting Roberto Sanchez <sanchezr@hotmail.com>:
>
> I am planning on getting DSL in the near future, so I have been considering
> what to do about a firewall.
>
> My intended setup is like this:
>
> www -> DSL modem -> cable/DSL router w/ hardware FW -> small LAN
>
> However, I would still like to have a firewall on each individual machine.
> I downloaded firestarter on one machine and played around with it some.
> But I'm not sure if that is the best tool. I basically want to block all
> incoming traffic except for SSH and DHCP (so I can get an IP address from
> the router). This setup seemed pretty easy with the little wizard that is
> included. I also need to be able to print across my local network.
>
> I tried out several services (telnet, ftp, and http) and it blocked those
> requests, but I am not sure how indicative that is of the security level.
> I also tried ssh and that worked fine.
>
On the LAN, try nmap and Nessus. From the Internet, www.grc.com and
www.vulnerabilities.org. The former is the Web site for Steve Gibson,
a controversial figure. His Shields Up! scan is Windows-centric, but a
decent starting point. The latter URL is basically a Nessus scan.
It's good, but may point out vulnerabilities that you do not have. E.g.,
it sometimes assumes which daemon you are running on a given port. It
flagged a Sendmail vulnerability. I have run several different MTAs
on port 25, but never Sendmail.
HTH,
Jeffrey
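
An added example, not part of the original message: a small Python check that repeats the manual telnet/ftp/http/ssh test from the question over a fixed port list and compares what it finds with the intended policy. The allow list (22/tcp only) and the probed ports are assumptions taken from the question; DHCP is UDP and is not covered here.

```python
import socket

# Assumption: the policy from the question, SSH is the only inbound TCP service.
ALLOWED_TCP = {22}
# Ports tried by hand in the question (ftp, telnet, http) plus ssh, smtp and CUPS printing.
PROBE_PORTS = [21, 22, 23, 25, 80, 631]


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (actively refused) or 'filtered' (timeout/unreachable)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout and host/network unreachable
        return "filtered"
    finally:
        s.close()


def audit(host, ports=PROBE_PORTS, allowed=ALLOWED_TCP, timeout=2.0):
    """Compare observed port states with the policy; return (states, violations)."""
    states = {p: probe(host, p, timeout) for p in ports}
    violations = []
    for port, state in sorted(states.items()):
        if state == "open" and port not in allowed:
            violations.append(f"{port}/tcp is open but not in the allow list")
        elif state != "open" and port in allowed:
            violations.append(f"{port}/tcp should be reachable but is {state}")
    return states, violations


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    states, violations = audit(target)
    for port, state in sorted(states.items()):
        print(f"{port:>5}/tcp  {state}")
    print("\n".join(violations) or "policy matches")
```

Run it from another machine on the LAN against the firewalled host. A "filtered" result means the firewall silently drops the connection, while "closed" means the connection was refused.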