-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 14 May 2003 16:45, James PEARSON wrote:

To all,

As I am running SuSE8.2 exclusively at home I was wondering how safe I was with regards to Internet and email usage, especially as I had my CPU maxed out last night on gkrellm, till I killed Mozilla (version Mozilla 1.4b - thanks to James Ogley ...).

Note : I have set up SuSEFirewall for a Single User ADSL line, but Internet seems awful slow at times lately...

I would therefore like to submit the following questions for this list's experts:

1) How can I check / improve my level of Internet / email security?

I don't do anything except installations as root and I have already tested mozilla and konqueror using the browser security testing site located at: http://webtest.scanit.be/bcheck/

You can test all the service ports (0-1054 IIRR) here-> http://nanoprobe.grc.com/

2) Does anyone know of a list of bad sites, or a test sites with various exploits, or else give me some specific URLS that I can test my setup against?

3) What is your specific setup with regards to Internet and email security..

This is what I have done to date... - I use SuSEFirewall

Go into YaST2 and click on the security settings again, then firewall, and it will pop up a dialogue saying if you continue, it'll stop using SuSE Personal firewall, and install SuSEFirewall2, then it'll walk you through a few simple questions, click finish and that's it. Does a fine enough job for *me*, but I'm on dial-up, and not sure if it'll need any more tweaking for DSL or Cable setups...someone will tell you I'm sure, heh.

-I downloaded and ran chkrootkit-0.40 to check out my system...

I do this also every once in a while, but I'm pretty sure that as a regular home user, and careful about what I download and from where, I won't ever have to worry about this kind of thing hitting me.

4) Are most SuSE users using an integrated antivirus program?

You're not in Windows anymore Dorothy (just kidding). Unless you're running your Linux box as a server of some kind for a Windows box or network of them, you don't need an AV. I've used SuSE from 7.3 up to 8.2 (skipping 8.1) and have installed junk from all over the place (yeah...sometimes just downloading something just for the heck of it to try it out and see what it's like)...never had anything like a virus or worm or anything else bother me or my system.

5) Any recommandations for a home ADSL user with regards to solutions offered by Vexira Antivirus for Linux F-Prot Antivirus RAV AntiVirus RAE AntiVirus

4) Any other ways I can strengthen my security...

Any help / comments would be greatly appreciated.

James

There should be a thing called 'harden-suse' on the DVD's or CD's IIRR, this would make it more secure in the sense that it'd tighten up how the user(s) could do *anything* as root, etc...at least as far as I'm able to understand that that's what it does, LOL. John - -- A butterfly is: Pretty,soft,harmless...and useless, just like M$N. My Penguin and my Gecko eat butterflies. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE+wtOiH5oDXyLKXKQRArnpAJoDEycSYMkqr9Ipb6t2TcFqZq7r9QCeKvEN hpjkwSeqdyUGFHLCxNMnu4A= =8a3I -----END PGP SIGNATURE-----

Just a few thoughts from the POV of a Sys Admin/Security Professional...

I have set up SuSEFirewall for a Single User ADSL line, but Internet seems awful slow at times lately...

ADSL's like that ;-)

1) How can I check / improve my level of Internet / email security?

Various ways...

2) Does anyone know of a list of bad sites, or a test sites with various exploits, or else give me some specific URLS that I can test my setup against?

Not off the top of my head, but if you subscribe to Bugtraq (via www.securityfocus.com) then as new exploits are found, proof of concept & test code tends to be made available there.

3) What is your specific setup with regards to Internet and email security..

That would be telling

-I installed Nmap and run Nmap from time to time... I just wanted to see what SuSEFirewall leaves open...

Where do you run it from? You want t orun it from a machine on the hostile side of the firewall - ie the internet, and if you can arrange it/afford it (if you opt for a professional to do it)/your ISP approves (your ISP seems perfectly happy with port scanning - we detect plenty of them from it ;) ) get a full nessus scan and vulnerability/intrusion test done.

-I downloaded and ran chkrootkit-0.40 to check out my system...

Make sure you keep that up to date

4) Are most SuSE users using an integrated antivirus program?

Actually, I don't, but then I'm really careful about what I run.

Under Windows I religiously updated Nortons every two weeks, however, under SuSe I have never used an anti-virus program...

Only every two weeks? Our Windows machines at work update their virus definitions every two HOURS

4) Any other ways I can strengthen my security...

Disconnect from the internet? ;) Nah, make sure your firewall only allows access to the ports you want to be visible from the internet, and that you make sure it's totally up to date with the latest patches for everything. Disallow traceroute as this potentially allows an attacker to understand how to get to your machine. Drop rather than reject unwanted packets - rejecting confirms that the machine is there and alive, and can aid in OS identification, dropping just causes packets to 'vanish'. On any services visible to the internet, obscure version numbers wherever possible. James -- James Ogley, Webmaster, Rubber Turnip james@rubberturnip.org.uk http://www.rubberturnip.org.uk Jabber: riggwelter@myjabber.net Using Free Software since 1994, running GNU/Linux (SuSE 8.2). GNOME updates for SuSE: http://www.usr-local-bin.org