On 28/08/12 15:19, Werner Flamme wrote:
> Bob Williams [28.08.2012 16:05]:
>> On 28/08/12 14:25, Billie Walsh wrote:
>>> On 08/28/2012 06:49 AM, James Knott wrote:
>>>> Bob Williams wrote:
>>>>> Is it safe to rely on the router firewall alone, combined with NAT, always accepting that safety is a relative term?
>>>> Well, many commercial boxes run on Linux or BSD.
>>>> My firewall/router is openSUSE 11.4 on an old Compaq computer. Of course, security in depth can be more secure than a single layer.
>>> My only thought is, "How bad would someone want to get into your system?"
>>> Here at home we just rely on the router's firewall. We run the cheap Cisco/Linksys routers with the DD-WRT software. It's a bit better than the standard Linksys software. We turn off broadcast for wireless. That way the system is not visible to a casual scan. There's nothing here that would warrant someone spending an excessive amount of time hacking into.
>> Some time ago I looked at /var/log/messages and was amazed to see someone was running a script to try and get through port 22. Of course, sshd rejected every attempt, but it prompted me to move ssh to a different port.
>> So, there's always someone out there scanning for open ports. Apart from that, I just have the usual amount of personal information on this machine.
>> I think what I'll end up doing is continue to run both firewalls, but disable the openSUSE one temporarily for the time I want to watch a video, browse my photos, etc.
> Don't you have a firewall on the router? Why do you allow access on port 22 from the outside there? Choose a port that is known just by you (for example, 7722) and make the router forward this port to your host's port 22. Do not allow direct access, because this will just fill your logs with the login attempts of script kiddies.

Didn't you read what I wrote? And what you quoted? It was that episode, when I was younger and less experienced, that prompted me to do what you have suggested.

> Second, try something like fail2ban. On our aged NX server (port 22 accessible from outside), we use this as protection, and about 99% of the attacks stop after 5 attempts when the client is disallowed for the first time.

I'll take a look at fail2ban. Thanks for the suggestion.

> HTH Werner
Bob
--
Bob Williams
System: Linux 3.1.10-1.16-desktop
Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.9.00 "release 555"
Uptime: 06:00am up 16 days 7:10, 1 user, load average: 0.07, 0.08, 0.12
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
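The thread turns on two observations: the sshd "Failed password" lines Bob saw in /var/log/messages, and Werner's report that fail2ban stops most attacks once a client is disallowed after 5 attempts. The script below is an added example, not code from the thread or from the fail2ban project; it reads syslog-style sshd lines and applies the same rule fail2ban's sshd jail uses (a maxretry count within a findtime window) to show which source addresses would have been banned and when. The log lines are constructed for the example, the source addresses are RFC 5737 documentation ranges, and the year 2012 is an assumption because syslog timestamps carry none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the format sshd writes to /var/log/messages.
# The addresses are documentation ranges (RFC 5737), not real hosts.
SAMPLE_LOG = """\
Aug 28 06:49:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Aug 28 06:49:03 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Aug 28 06:49:05 host sshd[2103]: Failed password for root from 203.0.113.5 port 51240 ssh2
Aug 28 06:49:07 host sshd[2105]: Failed password for root from 203.0.113.5 port 51244 ssh2
Aug 28 06:49:09 host sshd[2107]: Failed password for invalid user oracle from 203.0.113.5 port 51250 ssh2
Aug 28 06:50:00 host sshd[2110]: Failed password for bob from 198.51.100.7 port 40001 ssh2
Aug 28 06:50:30 host sshd[2112]: Accepted publickey for bob from 198.51.100.7 port 40002 ssh2
Aug 28 07:20:00 host sshd[2120]: Failed password for invalid user test from 192.0.2.9 port 60000 ssh2
Aug 28 07:45:00 host sshd[2121]: Failed password for invalid user test from 192.0.2.9 port 60001 ssh2
Aug 28 08:10:00 host sshd[2122]: Failed password for invalid user test from 192.0.2.9 port 60002 ssh2
Aug 28 08:35:00 host sshd[2123]: Failed password for invalid user test from 192.0.2.9 port 60003 ssh2
Aug 28 09:00:00 host sshd[2124]: Failed password for invalid user test from 192.0.2.9 port 60004 ssh2
"""

# Matches only failed password attempts; successful logins are ignored.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(text, year=2012):
    """Return (timestamp, source_ip, username) for each failed login line.

    Syslog timestamps have no year, so one is assumed (hypothetical value
    for this example); lines that do not match are skipped.
    """
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group("ip"), m.group("user")))
    return events


def find_offenders(events, maxretry=5, findtime=timedelta(seconds=600)):
    """Apply a fail2ban-style rule: ban an address once it has `maxretry`
    failures inside a sliding `findtime` window. Returns {ip: ban_time}.

    The defaults mirror fail2ban's common sshd jail settings (5 attempts
    within 10 minutes). Events must be in log order.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    banned = {}
    for ts, ip, _user in events:
        if ip in banned:
            continue  # a real jail would already be dropping this client's packets
        window = recent[ip]
        while window and ts - window[0] > findtime:
            window.popleft()  # expire failures older than the window
        window.append(ts)
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned


if __name__ == "__main__":
    evts = parse_failures(SAMPLE_LOG)
    print(f"{len(evts)} failed attempts parsed")
    for ip, when in find_offenders(evts).items():
        print(f"{ip} would be banned at {when:%H:%M:%S}")
```

On the sample input the script reports that 203.0.113.5 trips the rule at its fifth failure within eight seconds, while 198.51.100.7 (one typo before a successful key login) and 192.0.2.9 (five failures spread over 100 minutes, so never five inside the 10-minute window) are left alone. That slow scanner is the case worth noting when tuning findtime: a longer window catches it at the cost of banning more impatient legitimate users.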