<HTML ><HEAD ><TITLE >Securing Your Connection</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ "><LINK REL="HOME" TITLE="DSL HOWTO for Linux" HREF="index.html"><LINK REL="PREVIOUS" TITLE="Configuring Linux" HREF="configure.html"><LINK REL="NEXT" TITLE="Performance Tuning and Troubleshooting" HREF="tuning.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >DSL HOWTO for Linux</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="configure.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="tuning.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="SECURE"></A >4. Securing Your Connection</H1 ><P > This section is intended for those who have not previously dealt with the security implications of having a full-time Internet connection, or who may not understand some of the basic concepts of security. This is meant to be just a quick overview, not a comprehensive examination of all the issues: just enough to give you a gentle shove in the right direction. Please see the <A HREF="appendix.html#LINKS" >Links section</A > for sites with more details. Also, your distribution surely has plenty of good information as well. </P ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN623"></A >4.1. Security Quick-start</H2 ><P > Before going on-line full-time, do not underestimate the need for securing your connection. You will have two things that mischief makers and crackers of the world are looking for: bandwidth, and a Unix-like OS. You instantly become an inviting target. It is just a matter of time before someone comes knocking. 
Possibly a very short time. A quick start: </P ><P > <P ></P ><UL ><LI ><P > Turn off any daemons and services that can be accessed from outside and aren't absolutely essential. You can't get compromised through a port that isn't open. Use <B CLASS="COMMAND" >ps</B > and <B CLASS="COMMAND" >netstat</B > to see what services are running. (See the man pages for specifics.) Do you really need <B CLASS="COMMAND" >named</B >, <B CLASS="COMMAND" >sendmail</B >, <B CLASS="COMMAND" >telnet</B >, <B CLASS="COMMAND" >ftp</B > running and accessible to one and all? If you are not sure, then they should not be running. Then take whatever steps are necessary to make sure they don't start again on the next boot. See your distribution's documentation on this. </P ><P > Many distributions start some well-known services by default. You may not have done anything explicitly to start these, and may not even realize they are running. But it is up to you to know what is running, and how safe it is. Don't rely on a <SPAN CLASS="QUOTE" >"default"</SPAN > installation of any distribution to do this for you, or to be secure. Chances are it isn't. </P ></LI ><LI ><P > If you decide some services are essential, make sure you are running the most current version. Exploits are found, and then get fixed quickly. Don't get caught with your pants down. A full-time connection makes staying updated very easy -- and very important. Check with your distribution to see what new packages are available. Then stay in touch. If they have a security mailing list, get on it. </P ></LI ><LI ><P > Take passwords seriously, using non-dictionary <SPAN CLASS="QUOTE" >"words"</SPAN >. Use shadow passwords (this should be a standard feature of newer distributions). Do not allow remote root logins. See the <A HREF="http://www.tldp.org/HOWTO/Security-HOWTO.html" TARGET="_top" >Security HOWTO</A > for more details and ideas. 
</P ></LI ><LI ><P > Use <B CLASS="COMMAND" >ssh</B > instead of <B CLASS="COMMAND" >telnet</B > or <B CLASS="COMMAND" >rsh</B >. </P ></LI ><LI ><P > Set up a firewall to limit access, and log connection attempts. This will be different depending on which kernel series you are using: <B CLASS="COMMAND" >ipfwadm</B > for 2.0, <B CLASS="COMMAND" >ipchains</B > for 2.2, and <B CLASS="COMMAND" >iptables</B > for 2.4. See the HOWTOs below for a more in-depth discussion of this and other security-related topics: </P ></LI ><LI ><P > <P ></P ><UL ><LI ><P > <A HREF="http://tldp.org/HOWTO/Security-Quickstart-HOWTO/index.html" TARGET="_top" >Security-Quickstart-HOWTO</A > and, for Red Hat based distributions, <A HREF="http://tldp.org/HOWTO/Security-Quickstart-Redhat-HOWTO/index.html" TARGET="_top" >Security-Quickstart-Redhat-HOWTO</A > </P ></LI ><LI ><P > <A HREF="http://www.tldp.org/HOWTO/Firewall-HOWTO.html" TARGET="_top" >Firewall HOWTO</A > </P ></LI ><LI ><P > <A HREF="http://www.tldp.org/HOWTO/Security-HOWTO.html" TARGET="_top" >Security HOWTO</A > </P ></LI ><LI ><P > <A HREF="http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html" TARGET="_top" >IPCHAINS HOWTO</A > </P ></LI ><LI ><P > <A HREF="http://netfilter.samba.org" TARGET="_top" >Netfilter/Iptables docs</A > </P ></LI ><LI ><P > <A HREF="http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO.html" TARGET="_top" >IP Masquerade HOWTO</A > </P ></LI ></UL > </P ><P > Additional references are in the <A HREF="appendix.html#LINKS" >Links Section</A > below. 
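</P ><P > The service audit from the first item of this quick-start can be scripted. The following is an added example, not part of the original HOWTO: it reads netstat -tulnp output and lists every socket listening on a non-loopback address, marking the ports of the services named above. The function name exposed_listeners, the port review list and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sockets that are reachable from outside.
# SAMPLE is constructed netstat output, not taken from a real host.
SAMPLE='Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 0.0.0.0:21       0.0.0.0:*        LISTEN   412/inetd
tcp        0      0 0.0.0.0:23       0.0.0.0:*        LISTEN   412/inetd
tcp        0      0 0.0.0.0:25       0.0.0.0:*        LISTEN   530/sendmail
tcp        0      0 127.0.0.1:631    0.0.0.0:*        LISTEN   601/cupsd
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN   488/sshd
udp        0      0 192.168.1.10:53  0.0.0.0:*                 455/named
udp        0      0 127.0.0.1:53     0.0.0.0:*                 455/named'

# Reads netstat -tulnp output on stdin; prints one line per exposed socket:
#   proto local-address program verdict
exposed_listeners() {
  awk '
    BEGIN {
      # Ports of the services the text singles out (hypothetical review list).
      risky[21] = "ftp"; risky[23] = "telnet"; risky[25] = "smtp"; risky[53] = "dns"
    }
    $1 ~ /^(tcp|udp)/ {
      if ($1 ~ /^tcp/) {
        if ($6 != "LISTEN") next   # skip established connections
        prog = $7
      } else {
        prog = $6                  # udp rows have no State column
      }
      n = split($4, part, ":")
      port = part[n]               # text after the last colon (works for IPv6 too)
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "::1") next   # loopback only
      if (port in risky) { verdict = "REVIEW:" risky[port] }
      else               { verdict = "needed?" }
      print $1, $4, prog, verdict
    }'
}

# Demo on the sample; on a live system: netstat -tulnp | exposed_listeners
printf '%s\n' "$SAMPLE" | exposed_listeners
```

Run netstat as root so that the -p column shows the owning program for every socket; otherwise it shows "-" for sockets owned by other users. Services started through inetd appear under its name, which is why the check keys on the port rather than the program.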
</P ></LI ></UL ></P ></DIV ></DIV ></BODY ></HTML >