Firewall / Network Security Question

Talk here about security in general. Posting illegal software is prohibited. Everything in this forum must be considered as for "Educational purpose only".
Koss98
White ninja
Posts: 10
Joined: 28 Apr 2017, 18:36
Distribution: 3.2.2
Location: Canada

Firewall / Network Security Question

Post#1 by Koss98 » 01 May 2017, 14:28

Edit: I forgot to mention that I'm on unsecured wifi most of the time

How secure is Porteus with firewall turned off? I was fiddling with rc.local some time ago and the edit somehow interfered with the firewall (should've used the "startup script" feature in the Settings Centre), which I had previously set to "block all". When I checked the settings later I found that the firewall had now been set to "off", and I confirmed that this was also the case in practice. I've read that firewalls aren't essential for distributions like Ubuntu as they have no TCP/UDP ports open by default. Furthermore, Linux supposedly has a firewall built into its kernel, though I have no idea what that implies.

Are these the case for Porteus? Should I change my online passwords, delete my Porteus installation and start over, lest my machine had been compromised at some point by an attacker while I was unaware? I feel lost as I'm woefully ignorant when it comes to information security. :fool:

Evan
Warlord
Posts: 519
Joined: 11 Apr 2016, 09:00
Distribution: Anything Cinnamon
Location: London

Re: Firewall / Network Security Question

Post#2 by Evan » 02 May 2017, 05:40

Koss98 wrote: How secure is Porteus with firewall turned off?
A question I've been meaning to ask myself, as I wondered if there was any type of NetBIOS or network discovery running for Samba and such.

donald
Full of knowledge
Posts: 1224
Joined: 17 Jun 2013, 13:17
Distribution: Porteus 3.2.2 XFCE 32bit
Location: Germany

Re: Firewall / Network Security Question

Post#3 by donald » 02 May 2017, 07:44

First of all: there is no 100% security -- you should always use your common sense.
This leads to the question:
Why would I want to disable the firewall while connected to a public network?

However,
Linux doesn't have a bunch of dodgy ports open to the outside world.
An incoming try to connect is only a problem if there are applications listening
for these incoming connections.
Unless there is a specific program listening on a port, the port is closed
just as tightly with no firewall running.
If nothing is listening on a given port then all the script kiddies in the world
aren't going to get into your machine. -- A closed port is a secure port.

Best solution:
simply not having potentially vulnerable services listening by default.

Some commands you may find useful.
lsof -i -P -n
netstat -vatn
netstat -tulpn
iptables -L -v

Btw,
All you guys and gals using Porteus at home, you are most likely behind a router which shields you (to some degree).
Nonetheless, it makes sense to change the default passwords and to keep the running firewall.
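
An added example, not part of donald's post: a shell filter that reduces `netstat -tulpn` output to the sockets other hosts can actually reach, that is, TCP listeners and bound UDP sockets not tied to a loopback address. The function names `exposed_listeners` and `sample_netstat` are hypothetical, and the sample output is constructed for illustration.

```shell
#!/bin/sh
# Filter `netstat -tulpn` output down to sockets that other hosts can reach:
# TCP sockets in LISTEN state and bound UDP sockets whose local address
# is not loopback (127.0.0.0/8 or ::1). Function names are hypothetical.
exposed_listeners() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            proto = $1; laddr = $4
            # TCP rows carry a state column; UDP rows do not.
            if (proto ~ /^tcp/) {
                if ($6 != "LISTEN") next
                prog = $7
            } else {
                prog = $6
            }
            # Split "addr:port" at the last colon (IPv6 addresses contain colons).
            port = laddr; sub(/.*:/, "", port)
            addr = laddr; sub(/:[^:]*$/, "", addr)
            if (addr ~ /^127\./ || addr == "::1") next
            print proto, addr, port, prog
        }
    '
}

# Constructed sample in the layout printed by `netstat -tulpn`.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      640/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      640/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      812/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhcpcd
udp        0      0 192.168.1.20:137        0.0.0.0:*                           955/nmbd
EOF
}

# On a live system: netstat -tulpn | exposed_listeners
sample_netstat | exposed_listeners
```

An empty result means nothing on the machine accepts connections from the network, which is the "closed port" case described above; every line that does appear is a service to either stop or cover with a firewall rule.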

francois
Contributor
Posts: 5083
Joined: 28 Dec 2010, 14:25
Distribution: kde xfce porteus manjaro kubun
Location: Summer at last, the expected climate change: the sun.

Re: Firewall / Network Security Question

Post#4 by francois » 02 May 2017, 17:37

donald wrote:
All you guys and gals using Porteus at home, you are most likely behind a router which shields you (to some degree).
Nonetheless, it makes sense to change the default passwords and to keep the running firewall.
This is the best answer for Linux naive users :)
Thanks.
Voltaire: The best is the enemy of the good.

Koss98
White ninja
Posts: 10
Joined: 28 Apr 2017, 18:36
Distribution: 3.2.2
Location: Canada

Re: Firewall / Network Security Question

Post#5 by Koss98 » 02 May 2017, 17:58

:good:

That's the kind of answer I wanted. A lot of the advice I've found online is theoretical, vague, or meant for power users running servers. As a typical desktop user I just need some practical advice and a general grasp of things so I can feel reasonably assured about the security of my system.

anajames
Black ninja
Posts: 30
Joined: 12 Jun 2017, 08:38
Distribution: Gentoo Linux
Location: USA

Re: Firewall / Network Security Question

Post#6 by anajames » 29 Jun 2017, 12:13

francois wrote:
All you guys and gals using Porteus at home, you are most likely behind a router which shields you (to some degree).
Nonetheless, it makes sense to change the default passwords and to keep the running firewall.
This is the best answer for linux naive users :)
Thanks.
I think it should be a regular practice, changing passwords on a monthly basis. Provide no room for infringement.

sarahah
Ronin
Posts: 1
Joined: 06 Sep 2017, 10:34
Distribution: N/A

Firewall / Network Security Question

Post#7 by sarahah » 06 Sep 2017, 11:22

donald wrote:
02 May 2017, 07:44
All you guys and gals using Porteus at home, you are most likely behind a router which shields you (to some degree).
Nonetheless, it makes sense to change the default passwords and to keep the running firewall.
I also totally agree with this thought. :)
Last edited by sarahah on 18 Sep 2017, 12:28, edited 1 time in total.

n0ctilucient
Samurai
Posts: 134
Joined: 21 Apr 2017, 15:59
Distribution: fullmoonremix
Location: 127.0.0.1

Firewall / Network Security Question

Post#8 by n0ctilucient » 06 Sep 2017, 11:39

For those that are interested in this sort of thing...

The router should use coreboot firmware....
https://store.netgate.com/MinnowBoard-T ... P2780.aspx

And for good measure its OS loadout should (@ the minimum) include...
"hardened" binaries/libraries and Musl to prevent return to libc C attacks.

Otherwise... the result is a significantly larger router attack surface.
In any case... the unfortunate truth is many consumer routers don't do this.

Also... the default router settings on many consumer units leave certain
commonly exploited ports open. So some reconfiguration might be in order.

As for the firewall... the best OS firewall default setting is... "opt out" (default=ON) because "opt in"
(default=OFF) assumes... the end user knows how to turn the firewall on (some end users ARE "n00bs").
Last edited by n0ctilucient on 20 Sep 2017, 20:28, edited 4 times in total.
:hmmm: I do NOT have the "right" to tell anyone what they should do...
but I reserve the "right" to tell them what they should consider.

Falcony
Full of knowledge
Posts: 235
Joined: 01 Jan 2011, 12:44
Location: Russia

Firewall / Network Security Question

Post#9 by Falcony » 18 Sep 2017, 08:29

Porteus is based on Slackware, which is a vanilla system; that's why it is not intended for server or router purposes.

Yep, it is true. Of course you may use Slackware/Slax/Porteus as a server, but it will require a lot of hardening, which is nontrivial.

There is a script which allows you to do it quickly for Slackware: https://github.com/pyllyukko/harden.sh/ ... /README.md
It is possible for Porteus also, but again, Porteus is for the desktop: there are no repos with server software, stable and updated ones. That is the main reason to look for another system for a router.

n0ctilucient
Samurai
Posts: 134
Joined: 21 Apr 2017, 15:59
Distribution: fullmoonremix
Location: 127.0.0.1

Firewall / Network Security Question

Post#10 by n0ctilucient » 18 Sep 2017, 11:54

Absolutely correct... regarding noobs. Otherwise... like all things Linux with the right skill set all things are possible.
Indeed... hardening is some major heavy lifting. That's why I'm grateful that tools like src2pkg and depfinder exist.

Still as the Beatles used to say... "I get by with a little help from my friends".
Which is why the Porteus community is without question priceless.

I lost track of how many times (unlike so many other communities),
that I got important technical info that got me past the rough spots.

Currently my strategy is... before hardening anything else, to harden glibc.
In any case... other than the build toolchain what else is best to harden?
