[NTLUG:Discuss] Firewall Advice?
MadHat
madhat at unspecific.com
Mon Sep 9 13:55:23 CDT 2002
On Mon, 2002-09-09 at 13:46, Dennis Daupert wrote:
> I recently got cable modem for the very first time.
> I run SUSE 8.0 with personal firewall enabled. I'd like
> some advice on whether this should be sufficient to
> prevent hack attempts, or should I use a different
> firewall? What should I watch for to see if I'm being
> scanned, hacked, etc? I'm green about such things.
>
depends on your goals. For the most part it should be fine without too
much tweaking. Depending on your goals, you may want to open or close
existing holes. As for monitoring, it depends on what you care about,
what you want to see and how it is configured. I like running things
like portsentry (http://www.psionic.com/products/trisentry.html), but
not sure how well it works with things like the firewall. They also
have logsentry, which can be useful, as well as swatch
(http://www.oit.ucsb.edu/~eta/swatch/) for watching log files for
interesting tidbits. There are lots of lists you could get on to help
with specific issues, the security-basics list at securityfocus.com is
good, but very busy. I do recommend looking over the archives.
--
MadHat at Unspecific.com
"Anyone who understands Linux/Unix, really understands the universe.
Anyone who understands Windows, really understands Windows."
- Richard Thieme, DefCon 10, 2002
More information about the Discuss
mailing list