Re: [suse-security] How to prevent home-phoning ?
I suggest that you use iptables and snort on the SuSE box and then, additionally, go and install something like Norton Personal Firewall or something similar on the internal computers (if they're win32, as I suppose). The SuSE box divides your LAN from the internet, whereas the (host-based) personal firewalls allow you to see which process uses what sockets and connects to where, plus you can allow/disallow individual applications. A drawback, however, is that the win32 personal firewalls most likely won't log to a centralized syslog, plus you will have to configure (and eventually maintain) them all manually.

A different approach is presented by NFR (www.nfr.com). They do offer a complete solution for intrusion detection that works with agents, which, once deployed on each host within the LAN, log to the central NFR log repository (afaik). But this is like, costly ;-(

hope that helps & cheers

Chris Burri jun.
Systems- & Network Engineer
Synecta Informatik AG
9000 St. Gallen
Switzerland

Andreas Fiesser <fiesser@gmx.net> wrote on 03.05.01 18:49 (To: Security SuSE <suse-security@suse.com>, Subject: [suse-security] How to prevent home-phoning ?):
I've got a SuSE 7.0 box sitting between my home LAN and my DSL ISP. Among other services this host acts as a firewall for the LAN. The clients connect by masquerading or JunkBuster (running on the router) to the internet. Theoretically the FW should keep all the bad boys/girls out by stealthing my ports.

How can I make sure that only those apps get out where I say it's OK? I figure that this is no trivial task, but maybe there are solutions to do this. Primarily I use Netscape to browse the Net and do my e-mails. Then I need a few programs to ftp outside. I guess it's a bit tricky to know if any other software tries to establish connections?

Sorry if this sounds a bit naive, but I'm wondering if my firewall thingy is actually any good in the days of spyware thrown at us users "to improve the knowledge about the needs of dear customers".
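As an added example (not from either poster) of the gateway side of the reply above, here is a POSIX sh script for the SuSE box that lets only the traffic the question names out of the LAN (DNS, HTTP, HTTPS, FTP), sends every other outbound attempt to syslog through the iptables LOG target, and summarises those log lines so a host that keeps trying to phone home stands out. The interface names, LAN range and the sample log lines are assumptions.

```sh
#!/bin/sh
# Added example (not from either poster): egress filtering on the SuSE gateway.
# Assumed layout: LAN on eth0 as 192.168.1.0/24, DSL uplink on ppp0; iptables
# state match with ip_conntrack_ftp loaded for FTP data channels.
# IPT=echo prints the rules instead of loading them (no root needed).
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-eth0}"; LAN_NET="${LAN_NET:-192.168.1.0/24}"; WAN_IF="${WAN_IF:-ppp0}"
ALLOWED_TCP="80 443 21"   # browsing, TLS, FTP control: what the question needs
egress_rules() {
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    # Replies to sessions the LAN opened (and RELATED FTP data channels) pass
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$WAN_IF" -p udp --dport 53 -j ACCEPT  # DNS
    for port in $ALLOWED_TCP; do
        $IPT -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$WAN_IF" \
            -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    # Every other connection attempt from the LAN gets a rate-limited syslog
    # entry and is dropped: this is where an application phoning home shows up.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -m limit --limit 10/min \
        -j LOG --log-prefix "EGRESS-DENY: "
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j DROP
}
# Reads kernel log lines on stdin, prints "<count> <src> -> <dst>:<dport>",
# most frequent first, so repeat offenders on the LAN stand out.
summarize_denies() {
    grep 'EGRESS-DENY' | awk '{
        src = "-"; dst = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
        }
        count[src " -> " dst ":" dpt]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}
# Constructed sample of what the LOG target writes to /var/log/messages.
SAMPLE_LOG='May  3 18:49:01 gw kernel: EGRESS-DENY: IN=eth0 OUT=ppp0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=1045 DPT=8080 SYN
May  3 18:49:31 gw kernel: EGRESS-DENY: IN=eth0 OUT=ppp0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=1046 DPT=8080 SYN
May  3 18:50:02 gw kernel: EGRESS-DENY: IN=eth0 OUT=ppp0 SRC=192.168.1.20 DST=203.0.113.9 PROTO=TCP SPT=1100 DPT=6667 SYN'
case "${1:-}" in
    apply)  egress_rules ;;
    report) summarize_denies < /var/log/messages ;;
    demo)   printf '%s\n' "$SAMPLE_LOG" | summarize_denies ;;
esac
```

Run it as `sh egress.sh demo` to see the summary of the constructed sample, and as root with `apply` to load the rules; the host-based part of the reply (per-application control on the win32 clients) is not something the gateway can do.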