Discussion:
First Steps.
Heddle Weaver
2011-09-05 01:52:26 UTC
Hello,

Taking first steps in the security world.
I know that a 'firewall' is nothing but a configuration file for iptables,
but that's about it.
I need recommendations for literature or other sources of reliable knowledge
that start off with answers to questions such as: 'What is a port?'

Any time and trouble appreciated.
Regards,

Weaver.
--
Religion is regarded by the common people as true,
by the wise as false,
and by the rulers as useful.

— Lucius Annæus Seneca.

Terrorism, the new religion.
Scott Ferguson
2011-09-05 02:19:13 UTC
Post by Heddle Weaver
Hello,
Taking first steps in the security world.
I know that a 'firewall' is nothing but a configuration file for
iptables, but that's about it.
Blocking is only part of what constitutes a "firewall" ie. the ultimate
firewall is an air-gap.
http://en.wikipedia.org/wiki/Firewall_%28computing%29
Post by Heddle Weaver
I need recommendations for literature or other sources of reliable
knowledge that start off with answers to questions such as: 'What is a
port?'
http://en.wikipedia.org/wiki/Computer_port_%28software%29
Post by Heddle Weaver
Any time and trouble appreciated.
Regards,
Weaver.
--
<snipped>
http://wiki.debian.org/Firewalls
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html
http://wiki.debian.org/DebianFirewall

Cheers
--
"Do you remember this [beep] - you play certain rock albums backwards -
and there's satanic messages?
Let me tell you something - if you're sitting around your house playing
your albums backwards.... You are Satan!
You needed look any further. And don't go ruining my stereo to prove a
point either."
— Bill Hicks
Heddle Weaver
2011-09-05 03:31:54 UTC
Cheers!
Thanks for this.
I was thinking too much about books and here I am connected to the 'net.

On 5 September 2011 12:19, Scott Ferguson
Post by Scott Ferguson
Post by Heddle Weaver
Hello,
Taking first steps in the security world.
I know that a 'firewall' is nothing but a configuration file for
iptables, but that's about it.
Blocking is only part of what constitutes a "firewall" ie. the ultimate
firewall is an air-gap.
http://en.wikipedia.org/wiki/Firewall_%28computing%29
I need recommendations for literature or other sources of reliable
Post by Heddle Weaver
knowledge that start off with answers to questions such as: 'What is a
port?'
http://en.wikipedia.org/wiki/Computer_port_%28software%29
Post by Heddle Weaver
Any time and trouble appreciated.
Regards,
Weaver.
--
<snipped>
http://wiki.debian.org/Firewalls
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html
http://wiki.debian.org/DebianFirewall
Cheers
--
"Do you remember this [beep] - you play certain rock albums backwards - and
there's satanic messages?
Let me tell you something - if you're sitting around your house playing
your albums backwards.... You are Satan!
You needed look any further. And don't go ruining my stereo to prove a
point either."
— Bill Hicks
--
Religion is regarded by the common people as true,
by the wise as false,
and by the rulers as useful.

— Lucius Annæus Seneca.

Terrorism, the new religion.
Kees de Jong
2011-09-05 04:56:06 UTC
I can recommend you this book: "Linux Firewalls Attack Detection and
Response with Iptables, PSAD, and Fwsnort"
It goes very deep into the theoretical and practical use of firewalls
on Linux.
It also goes into intrusion prevention and detection.

You can also dig into the Debian security manual:
http://www.debian.org/doc/manuals/securing-debian-howto/
And you can start auditing your system now with: tiger, lynis, lsat,
logwatch, chkrootkit, rkhunter, debsecan and checksecurity
Use the man pages to learn how to use them ;-)

Good luck!



--
Kind regards,
Kees de Jong
Post by Heddle Weaver
Cheers!
Thanks for this.
I was thinking too much about books and here I am connected to the 'net.
On 5 September 2011 12:19, Scott Ferguson
Hello,
Taking first steps in the security world.
I know that a 'firewall' is nothing but a
configuration file for
iptables, but that's about it.
Blocking is only part of what constitutes a "firewall" ie. the
ultimate firewall is an air-gap.
http://en.wikipedia.org/wiki/Firewall_%28computing%29
I need recommendations for literature or other sources
of reliable
knowledge that start off with answers to questions
such as: 'What is a
port?'
http://en.wikipedia.org/wiki/Computer_port_%28software%29
Any time and trouble appreciated.
Regards,
Weaver.
--
<snipped>
http://wiki.debian.org/Firewalls
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html
http://wiki.debian.org/DebianFirewall
Cheers
--
"Do you remember this [beep] - you play certain rock albums
backwards - and there's satanic messages?
Let me tell you something - if you're sitting around your
house playing your albums backwards.... You are Satan!
You needed look any further. And don't go ruining my stereo to
prove a point either."
— Bill Hicks
--
Kind regards,
Kees de Jong



Heddle Weaver
2011-09-05 05:22:51 UTC
Post by Kees de Jong
I can recommend you this book: "Linux Firewalls Attack Detection and
Response with Iptables, PSAD, and Fwsnort"
It goes very deep into the theoretical and practical use of firewalls on
Linux.
It also goes into intrusion prevention and detection.
http://www.debian.org/doc/manuals/securing-debian-howto/
And you can start auditing your system now with: tiger, lynis, lsat,
logwatch, chkrootkit, rkhunter, debsecan and checksecurity
Use the man pages to learn how to use them ;-)
Good luck!
Thanks!
I've been looking round.
Apparently this one is good also.

http://nostarch.com/firewalls.htm

Regards,

Weaver.
--
Religion is regarded by the common people as true,
by the wise as false,
and by the rulers as useful.

— Lucius Annæus Seneca.

Terrorism, the new religion.
Kees de Jong
2011-09-05 05:42:03 UTC
That's the same book ;-)

--
Kind regards,
Kees de Jong
Post by Heddle Weaver
Post by Kees de Jong
I can recommend you this book: "Linux Firewalls Attack Detection and
Response with Iptables, PSAD, and Fwsnort"
It goes very deep into the theoretical and practical use of firewalls on
Linux.
It also goes into intrusion prevention and detection.
http://www.debian.org/doc/manuals/securing-debian-howto/
And you can start auditing your system now with: tiger, lynis, lsat,
logwatch, chkrootkit, rkhunter, debsecan and checksecurity
Use the man pages to learn how to use them ;-)
Good luck!
Thanks!
I've been looking round.
Apparently this one is good also.
http://nostarch.com/firewalls.htm
Regards,
Weaver.
--
Religion is regarded by the common people as true,
by the wise as false,
and by the rulers as useful.
— Lucius Annæus Seneca.
Terrorism, the new religion.
Heddle Weaver
2011-09-05 09:52:09 UTC
Post by Kees de Jong
That's the same book ;-)
O.K.
Regards,

Weaver.
--
Religion is regarded by the common people as true,
by the wise as false,
and by the rulers as useful.

— Lucius Annæus Seneca.

Terrorism, the new religion.
Chris Bell
2011-09-05 06:57:26 UTC
Post by Heddle Weaver
Hello,
Taking first steps in the security world.
I know that a 'firewall' is nothing but a configuration file for iptables,
but that's about it.
I need recommendations for literature or other sources of reliable knowledge
that start off with answers to questions such as: 'What is a port?'
Any time and trouble appreciated.
Regards,
Weaver.
There is a large amount of general and more specific information in the
Guides and HOWTOs at The Linux Documentation Project, http://www.tldp.org
--
Chris Bell www.chrisbell.org.uk
Microsoft sells you Windows ... Linux gives you the whole house.
Heddle Weaver
2011-09-05 09:58:25 UTC
Post by Heddle Weaver
Post by Heddle Weaver
Hello,
Taking first steps in the security world.
I know that a 'firewall' is nothing but a configuration file for
iptables,
Post by Heddle Weaver
but that's about it.
I need recommendations for literature or other sources of reliable
knowledge
Post by Heddle Weaver
that start off with answers to questions such as: 'What is a port?'
Any time and trouble appreciated.
Regards,
Weaver.
There is a large amount of general and more specific information in the
Guides and HOWTOs at The Linux Documentation Project, http://www.tldp.org
Thanks for that.
Regards,

Weaver.
--
Religion is regarded by the common people as true,
by the wise as false,
and by the rulers as useful.

— Lucius Annæus Seneca.

Terrorism, the new religion.
Poison Bit
2011-09-05 11:32:53 UTC
Post by Heddle Weaver
Hello,
Taking first steps in the security world.
I know that a 'firewall' is nothing but a configuration file for iptables,
but that's about it.
Yes, a "firewall" works with just a few netfilter commands, but it is
not just that :)

And the iptables man page... is hard to memorize just its full
content/modules/options.

What about kernel sysctl for example ? there is a whole "net"
subsystem of kernel variables (sysctl -a | grep net) the documentation
for that is included with the kernel sources and sparse on the
internet...

What about logrotate and rsyslogd config ? What about the subnets arp
changes monitoring ? etc etc...
Post by Heddle Weaver
I need recommendations for literature or other sources of reliable knowledge
that start off with answers to questions such as: 'What is a port?'
Some links I think I haven't seen in the thread:

* http://lartc.org/howto/
* http://netfilter.org/documentation/index.html
Post by Heddle Weaver
Any time and trouble appreciated.
Regards,
Greetings
Iñigo
Post by Heddle Weaver
Weaver.
--
Religion is regarded by the common people as true,
by the wise as false,
and by the rulers as useful.
— Lucius Annæus Seneca.
Terrorism, the new religion.
Heddle Weaver
2011-09-05 11:47:02 UTC
Post by Heddle Weaver
Post by Heddle Weaver
Hello,
Taking first steps in the security world.
I know that a 'firewall' is nothing but a configuration file for
iptables,
Post by Heddle Weaver
but that's about it.
I meant that is about all I know.
Post by Heddle Weaver
Yes, a "firewall" works with just a few netfilter commands, but it is
not just that :)
And the iptables man page... is hard to memorize just its full
content/modules/options.
What about kernel sysctl for example ? there is a whole "net"
subsystem of kernel variables (sysctl -a | grep net) the documentation
for that is included with the kernel sources and sparse on the
internet...
What about logrotate and rsyslogd config ? What about the subnets arp
changes monitoring ? etc etc...
Post by Heddle Weaver
I need recommendations for literature or other sources of reliable
knowledge
Post by Heddle Weaver
that start off with answers to questions such as: 'What is a port?'
* http://lartc.org/howto/
* http://netfilter.org/documentation/index.html
Thanks for that.
Regards,

Weaver.
--
Religion is regarded by the common people as true,
by the wise as false,
and by the rulers as useful.

— Lucius Annæus Seneca.

Terrorism, the new religion.
Heddle Weaver
2011-09-05 20:23:26 UTC
If you need a quick and easy system as a stop-gap have a look at
http://www.ipcop.org
Thanks.
I've used Firestarter now and again, also, but I need to get serious for a
change.
I've got connection through a router, so I'll just rely on the firewall on
that for a short while.

This is the initial stage of gradually building a whole network - a couple
of old 486 boxes for a firewall and mail server, for example, as a
self-educating process.
Regards,

Weaver.
--
Religion is regarded by the common people as true,
by the wise as false,
and by the rulers as useful.

— Lucius Annæus Seneca.

Terrorism, the new religion.
Jonathan Plews
2011-09-06 14:16:52 UTC
Post by Heddle Weaver
Hello,
Taking first steps in the security world.
You can turn any old Linux box into a firewall with a config file, but
that's just because Linux is cool like that.

iptables (the binary) is pretty nasty, as long as you know it's there
and can read man pages I'd leave it at that. (opinions will vary on
this)

Start off with something like Shorewall and get a basic router going,
most packages you install will have examples to hack at. Add more
interfaces, second WAN connection, wireless cards etc...

Regards

Jon

Cory Oldford
2011-09-06 14:57:09 UTC
Start by learning packet traversal through the tables/chains. Then learn the supported matches and targets. Netfilter isn't complicated if you take the time to learn it. I recommend avoiding any premade firewall scripts initially.
--
Cory Oldford
PeaceWorks Computer Consulting
#1 - 396 Assiniboine Ave, Winnipeg
204 480 0314 --or-- 519 725 7875, ext 6010.

----- Original Message -----
From: "Jonathan Plews" <***@ts-tech.co.uk>
To: debian-***@lists.debian.org
Sent: Tuesday, September 6, 2011 9:16:52 AM GMT -06:00 US/Canada Central
Subject: Re: First Steps.
Post by Heddle Weaver
Hello,
Taking first steps in the security world.
You can turn any old Linux box into a firewall with a config file, but
that's just because Linux is cool like that.

iptables (the binary) is pretty nasty, as long as you know it's there
and can read man pages I'd leave it at that. (opinions will vary on
this)

Start off with something like Shorewall and get a basic router going,
most packages you install will have examples to hack at. Add more
interfaces, second WAN connection, wireless cards etc...

Regards

Jon

Heddle Weaver
2011-09-11 12:57:59 UTC
Post by Cory Oldford
Start by learning packet traversal through the tables/chains. Then learn
the supported matches and targets. Netfilter isn't complicated if you take
the time to learn it. I recommend avoiding any premade firewall scripts
initially.
Thanks for that.
Agreed, that you don't learn much from anything premade.
Regards,

Weaver.
--
Religion is regarded by the common people as true,
by the wise as false,
and by the rulers as useful.

— Lucius Annæus Seneca.

Terrorism, the new religion.
Heddle Weaver
2011-09-11 12:56:00 UTC
Post by Heddle Weaver
Hello,
Post by Heddle Weaver
Taking first steps in the security world.
O.K., I've been away for a few days.
Post by Heddle Weaver
You can turn any old Linux box into a firewall with a config file, but
that's just because Linux is cool like that.
iptables (the binary) is pretty nasty, as long as you know it's there and
can read man pages I'd leave it at that. (opinions will vary on this)
Start off with something like Shorewall and get a basic router going, most
packages you install will have examples to hack at. Add more interfaces,
second WAN connection, wireless cards etc...
So far, I've just got a laptop, PC and a router for access.
There's a firewall on the router, but I thought I'd try apf-firewall on the
laptop and PC before I tried to build, just to get to know the basics.
I was looking at Shorewall for that, because it's one you've got to know
what you're doing to configure it, apparently.
I think I need that middle step to graduate to that, however, if only for
the confidence.
Regards and thanks,

Weaver.
--
Religion is regarded by the common people as true,
by the wise as false,
and by the rulers as useful.

— Lucius Annæus Seneca.

Terrorism, the new religion.