Linux: A Network Solution for Your Office
Chapter 11: Firewalls: What to Protect Against

Perhaps my opinion about firewalls is already clear: I rarely consider a full-featured firewall necessary, and often find them harmful. Firewalls might help you improve your network's security, but they are not the ultimate answer to all your security concerns. Far more important than firewalls is your knowledge of your systems and continuous monitoring.

That said, it is not necessarily a good idea to place a completely unprotected network on the Internet either. You may not need a masquerading firewall, but protecting against a few of the most obvious methods of intrusion can be helpful and provide a real improvement in security, with little or no loss of functionality.

Forged IP Numbers

Perhaps the most obvious form of attack uses forged headers in an IP packet sent to your system. Typically, headers are forged to pretend that the packet originated from within your network. The reason this has a good chance of succeeding is quite simple: many security settings on Linux and other systems are host-specific, that is, features are enabled when a request arrives from a predetermined set of IP addresses. For instance, you may be running a graphical X server on your desktop, and want programs running on other machines on your network to be capable of appearing on this display. However, you definitely don't want an intruder from, say, China, to be able to make windows appear on your desktop (or worse) without your permission!

Fortunately, this form of intrusion can be prevented easily.
What you need to do is configure your gateway to reject any packets that arrive via an external interface (that is, from your modem or network router) if their originating address matches an address on your network. Note that this should also include the localhost family of addresses (127.nnn.nnn.nnn).

NetBIOS Connections

The commonly used MS-DOS/Windows networking protocol, NetBIOS, can also be made to work over TCP/IP connections. This very helpful feature can also become a security problem if intruders attempt to connect to machines on your network using the NetBIOS protocol.

Another related problem is that ill-configured Windows machines often send out NetBIOS packets with destination addresses outside your local network. These packets may carry information such as weakly encrypted passwords, which should not be sent to random destinations on the worldwide Internet.

The good news is that unless you have remote users who use shared DOS or Windows directories or printers, there is no need to allow NetBIOS traffic to flow between your local network and the Internet. NetBIOS traffic may use any combination of TCP and UDP ports 137, 138, and 139. To block all NetBIOS traffic, you must block both incoming and outgoing traffic to these port numbers.

© Copyright Macmillan USA. All rights reserved.
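
The two gateway filters described in this section (rejecting packets that arrive on the external interface with a local or 127.x source address, and blocking NetBIOS ports 137 to 139 in both directions), written out with iptables as an added example that is not from the book. The interface name `eth0` and the LAN range `192.168.1.0/24` are assumptions; by default the script only prints the commands, and runs them when `IPT=iptables` is set.

```shell
#!/bin/sh
# Added example, not from the book. Assumed values: adjust to your gateway.
EXT_IF="${EXT_IF:-eth0}"               # assumed external (Internet-facing) interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed internal network range
IPT="${IPT:-echo iptables}"            # dry run by default; IPT=iptables applies the rules

# Emit (or apply) the gateway rules for one external interface and one LAN range.
# Rules are appended with -A, so load them before any ACCEPT rules that would
# otherwise match the same packets first.
gateway_rules() {
    ext_if=$1
    lan_net=$2

    # 1. Forged source addresses: nothing arriving from outside may claim to
    #    come from the local network or from the localhost family (127/8).
    #    INPUT covers packets addressed to the gateway itself, FORWARD covers
    #    packets routed on to machines behind it.
    for src in "$lan_net" 127.0.0.0/8; do
        for chain in INPUT FORWARD; do
            $IPT -A "$chain" -i "$ext_if" -s "$src" -j DROP
        done
    done

    # 2. NetBIOS: TCP and UDP ports 137-139, incoming and outgoing.
    for proto in tcp udp; do
        # Incoming from the Internet, to the gateway and to the LAN.
        $IPT -A INPUT   -i "$ext_if" -p "$proto" --dport 137:139 -j DROP
        $IPT -A FORWARD -i "$ext_if" -p "$proto" --dport 137:139 -j DROP
        # Outgoing to the Internet, from the LAN and from the gateway.
        $IPT -A FORWARD -o "$ext_if" -p "$proto" --dport 137:139 -j DROP
        $IPT -A OUTPUT  -o "$ext_if" -p "$proto" --dport 137:139 -j DROP
    done
}

gateway_rules "$EXT_IF" "$LAN_NET"
```

Review the printed commands first, then rerun with `IPT=iptables` as root to install them.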