[ubuntu-uk] Warning to all users of Samba
Paul Morgan-Roach
roachy at roachy.net
Wed Apr 21 11:51:27 BST 2010
On Wed, Apr 21, 2010 at 12:29 AM, John Stevenson <john at jr0cket.com> wrote:
>
> Am I wrong in thinking this post is really a warning about not setting you
> router up securely?
>
> If you are unable to control the router or the IP address your Ubuntu box
> is assigned, then you can always run a firewall and/or AppAmor on you Ubuntu
> box.
>
For those wanting a graphical interface for IPTables, you can use
Firestarter (available in the repos). It's a nice interface that covers
most functions. From the command line Ubuntu has ufw - the uncomplicated
firewall, which is effectively an easy method to configure basic firewalling
(eg. ufw allow ssh)
I can't emphasise enough how important it is to secure the perimeter device
effectively though. If outbound filtering is enabled and services are only
enabled on requirement, we'd see a drop in viruses, worms, spam and other
nasties. Think back to the "Slammer worm" (
http://en.wikipedia.org/wiki/SQL_Slammer) which compromised windows boxes at
a rapid rate, but could not have propagated anywhere near as fast if
outbound firewalling was enabled.
The same goes for IRC controlled botnets - if you restrict outbound IRC
traffic from only the machines that you use IRC on, then the infected
machines cannot be controlled.
The majority of spam comes from hijacked PC's - if your perimeter device
only allows the mail server on your network outbound access on port 25, then
spam cannot be sent from a compromised desktop. Furthermore, logging on the
perimeter device can also be used to identify threats from within the
network (if you see a blocked IRC or SMTP traffic it gives cause for
investigation).
I hope this gives a little food for though....
Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-uk/attachments/20100421/800043ff/attachment.htm
More information about the ubuntu-uk
mailing list