FIREWALL STUFF
jean francois
francois at ece.ualberta.ca
Wed Feb 21 20:30:44 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Maurice
Your last statement "PS Perhaps I don't even need a firewall?" gave me
the shivers.
Firewall are as essential on a computer as an external door on your home.
A kernel firewall, like in *nix, is better than a software firewall,
like in Windows; because, there are network worms that will affect
your network card from the get go, this why you want a firewall that
load BEFORE the network card activate; also, It is only a matter of
time, for a worm to boot your computer, using wake-on-lan, and install
whatever bot they need.
Where I work, I see dictionary attack almost every days, and when they
hit they hit at least 10 computers.
Dictionary attack: someone is trying to login on your computer using a
list of name. Those attack goes around in IP ranges, some of those
dictionary contain over 20,000 names, a firewall is of no uses you
here, you a need a strong password. You may want to consider OSSEC,
it's a intrusion detection and more, it install in seconds (minutes
the first time) it will banned the IP after 4 fail led login.
Firewall rules are a bit complex, may be overwhelming, but
understanding the basic, before using the GUI, goes a long way.
Googling "firewall 101" I have found this link
http://fhj52.tripod.com/linux/XML/firewall101.htm which seems to be good.
Regards and be safe
Maurice Murphy wrote:
> I first of all tried Firestarter that comes installed with the Edgy
> package. Unfortunately it seems to have some sort of a bug. It also
> gums up my home network. So I removed Firestarter using Synaptic and
> loaded Gnome-Lokkit. My question is, how do I set this up? I see no
> menu item. When I try running it via alt-F2 (sudo gnome-lokkit) run, I
> sometimes get what looks like a gnome-lokkit screen. If I click the
> Next button, the screen disappears and nothing else happens.
> Suggestions anyone please? Many thanks, Maurice
>
> PS Perhaps I don't even need a firewall?
>
- --
Francois Brochu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF3Kv0js2UcJ0oZDcRAhwmAKCoLci1aZfCilEe/7m/Cuvw4rjPPgCeO5kF
x131rRZmsfZmzgqXoRIsL2g=
=E2XZ
-----END PGP SIGNATURE-----
More information about the ubuntu-ca
mailing list