[Courses] [Security] Firewall theory -- general
Hamster
hamster at hamsternet.org
Mon Mar 11 23:24:43 EST 2002
>
> In general, there are three sorts of packets that you need to be
> concerned about -- TCP, UDP, and ICMP. (There are others, and we'll get
> into them, but let's start simple.) Think about what sorts of traffic
> you'd want to allow in, and out. You can also forward traffic
> selectively, and do IP masquerading and NAT. Let's skip those for now,
> though we will come back to them later.
>
> So, let's start with my Linux box. You've seen the services it
> offers. What do you think would be good TCP traffic to let in? To
> block? To let out? What about UDP? Are you guys familiar with the
> differences between them? (If not, say so and we'll go over that. A
> good understanding of protocols is fundamental to understanding
> firewalling.)
>
> If you were going to build me a firewall, what would you do?
>
I'll jump in and make myself look silly :)
Now, I can't remember the details of your box exactly, but based on the following assumptions:
You're running: ftp
www
ssh
smtp
so we let these in ;-)
If I was being paranoid, I would set the default action to DROP on your external interface, except for the services you're running.
But if I am being less paranoid... I would block incoming on your external interface:
finger
telnet
DHCP
DNS
POP3
netbios
imap
snmp
irc
tftp (udp) maybe?
So have fun picking this list to pieces. Sorry if I made a wrong assumption somewhere too.
Hamster
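The two stances in the reply above (default DROP with an allow list of the four offered services, versus default ACCEPT with a block list) can be compared side by side. The following is an added example, not code from the original thread: it models each stance as a verdict function, shows which packets the block list lets through that the allow list would have dropped, and renders each stance as iptables commands. Port numbers are the standard assignments (the post names services, not ports), the interface name `eth0` and the two unlisted listeners on tcp/3306 and udp/111 are constructed assumptions, and the `iptables` text is only rendered, never executed.

```python
from dataclasses import dataclass

# Services the reply assumes the box offers (the allow list). Port numbers are
# the standard assignments; the post itself names services, not ports.
ALLOW = {
    "ftp":  [("tcp", 21)],
    "www":  [("tcp", 80)],
    "ssh":  [("tcp", 22)],
    "smtp": [("tcp", 25)],
}

# Services the reply would block under the less paranoid stance.
BLOCK = {
    "finger":  [("tcp", 79)],
    "telnet":  [("tcp", 23)],
    "dhcp":    [("udp", 67), ("udp", 68)],
    "dns":     [("udp", 53), ("tcp", 53)],
    "pop3":    [("tcp", 110)],
    "netbios": [("udp", 137), ("udp", 138), ("tcp", 139)],
    "imap":    [("tcp", 143)],
    "snmp":    [("udp", 161), ("udp", 162)],
    "irc":     [("tcp", 6667)],
    "tftp":    [("udp", 69)],
}


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    dport: int   # destination port on the firewalled box


def _ports(table):
    """Flatten a service table into a set of (proto, port) tuples."""
    return {entry for entries in table.values() for entry in entries}


def allowlist_verdict(pkt):
    """Paranoid stance: default policy DROP, only listed services pass."""
    return "ACCEPT" if (pkt.proto, pkt.dport) in _ports(ALLOW) else "DROP"


def blocklist_verdict(pkt):
    """Less paranoid stance: default policy ACCEPT, only listed services are dropped."""
    return "DROP" if (pkt.proto, pkt.dport) in _ports(BLOCK) else "ACCEPT"


def exposed_by_blocklist(packets):
    """Packets the block list lets through that the allow list would drop:
    the gap between the two stances (anything listening on a port nobody
    thought to list)."""
    return [p for p in packets
            if blocklist_verdict(p) == "ACCEPT" and allowlist_verdict(p) == "DROP"]


def iptables_script(stance, iface="eth0"):
    """Render a stance as iptables commands for the external interface.
    The interface name is an assumption. FTP's data channel is not covered
    by the port 21 rule alone; a real deployment also needs the FTP
    connection-tracking helper or extra rules for the data ports."""
    lines = []
    if stance == "allowlist":
        lines.append("iptables -P INPUT DROP")
        # Replies to connections the box itself opened must still come back in.
        lines.append(f"iptables -A INPUT -i {iface} -m state "
                     "--state ESTABLISHED,RELATED -j ACCEPT")
        for proto, port in sorted(_ports(ALLOW)):
            lines.append(f"iptables -A INPUT -i {iface} -p {proto} --dport {port} -j ACCEPT")
    elif stance == "blocklist":
        lines.append("iptables -P INPUT ACCEPT")
        for proto, port in sorted(_ports(BLOCK)):
            lines.append(f"iptables -A INPUT -i {iface} -p {proto} --dport {port} -j DROP")
    else:
        raise ValueError(f"unknown stance: {stance}")
    return "\n".join(lines)


# Constructed sample of inbound packets: the four offered services, three from
# the block list, and two hypothetical listeners on ports in neither list.
SAMPLE = [Packet("tcp", 22), Packet("tcp", 80), Packet("tcp", 25), Packet("tcp", 21),
          Packet("tcp", 23), Packet("udp", 69), Packet("udp", 161),
          Packet("tcp", 3306), Packet("udp", 111)]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, "allowlist:", allowlist_verdict(p), "blocklist:", blocklist_verdict(p))
    print("reachable only under the block list:", exposed_by_blocklist(SAMPLE))
    print(iptables_script("allowlist"))
```

Run as a script, the comparison makes the reply's own point concrete: both stances agree on every service that was named, and they differ only on the two listeners that were never named, which the block list leaves reachable and the default-DROP policy does not.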