FC3 - broken into?
Robert Storey
y2kbug at ms25.hinet.net
Thu Feb 17 22:05:47 UTC 2005
On Thu, 17 Feb 2005 11:15:04 -0500
Temlakos <temlakos at gmail.com> wrote:
> Now as to how to keep the barn door locked: My first impression is
> that you need to enable the system firewall, even if you /do/ have a
> corporate firewall. Redundancy never hurts in security. Of course, you
>
> need to make sure you know what TCP and UDP ports have to be open for
> certain network processes to run. As long as you open those ports (as
> source /and/ as destination, to be safe) and restrict this to the
> subnetwork you have in your enterprise, your computer should be safe
> even if someone compromises the corporate firewall--or is making
> mischief inside the enterprise and hence already inside the firewall.
> Search on the word "iptables" for more information. (The iptables
> system and syntax took a long time for me to learn, until now I have a
> system that is /very/ particular about what transactions it allows,
> even between computers on my own network.)
Maybe slightly off-topic, but if you want more control over your
firewall rules and are baffled by the cryptic mess that is iptables, I
highly recommend Guarddog. I replaced the Fedora default firewall with
Guarddog and have been much happier ever since. It can be downloaded
from here:
http://www.simonzone.com/software/guarddog/
I compiled it from source and ran into no dependency problems.
cheers,
Robert
More information about the fedora-list
mailing list