1. IP-Tables and Security in General

[Gordon Dey]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 13-09-22 08:00 AM, ubuntu-ca-request at lists.ubuntu.com wrote:
> Do we have a best practices model for preventing intrusions and
> securing one's system ?

There is much to be found in google--and I fear the topic 'best
practices model' depends very much on who you ask. Albeit, my
preference is with Tom Eastep's shorewall http://www.shorewall.net/

Instead of downloading, you can use 'apt-get install shorewall' or the
Ubuntu Software Center. Consider also installing shorewall-doc. That
way the packaging system can keep you up to date automagically. On his
website, there is a good 'Getting Started' section of links, as well
as in the documents package, probably under
/usr/share/doc/shorewall-doc/html/index.html . Usually, there are some
example configurations to copy over and start editing for 1, 2 and
3-interface configurations.

It's defaults: net->all (drop) and all->all(reject) are good starting
points. I usually tighten these further with loc->net(drop) and then
only enable what I can prove I need.

Gord.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSP0PsAAoJEGgksGZ7nTPGdJUH/intWS5Yni9lML5Y6TElZ7KG
au1u1IkbVeLGYd6WzwpgYnVG58oIF207FzkKfzW5M87nhdwN+4uXRUdRMCnwSHYC
bfC4oVdYzwpazNVsiPgeruPjK96YPiSBhaKgBaVYoCh+VrGoefWxVj4RXThcWC2+
0rQVgV7S6cSdbWn0gpK95IK38G1KjK2u+4ksSPSkErH8d8HoXfPTnoQk+X/dmYRf
Em95OVpOfY+2/HgTnWS1Iv3EThlzJYGgMv5+qVyvBLjlVyR6gCIjOZnf4gfvoVXa
AyAu8yRnbf1fxSE+05Oca4uub2mZDnIr5o8wp3RjRbZoVgg2BxFWhp0erNdJrrs=
=I3gW
-----END PGP SIGNATURE-----