Showing posts with label Enhance Linuxbox Security. Show all posts

Thursday, December 30, 2010

Enhance Linuxbox Security : Iptables Printer Rules to Limit Access to Local LAN.

Assume a topology of a local LAN connected to the internet through a gateway on which you are configuring the Iptables firewall. This gateway is attached to a printer & runs a print server. The LAN uses the 192.168.1.0/24 IP range. We want to limit access to the printer to the local LAN & bar access to the printer from the outside internet. See figure.

Enhance Linuxbox Security : Creating a Custom Chain in Iptables

Read this post before proceeding as it contains a simple basic firewall configuration file.
We can customize the flow of rules in iptables by creating new custom chains. The flow of rules in iptables follows the sequence in which they are executed.

Tuesday, December 14, 2010

Enhance Linuxbox Security : Know all services listening on some ports.

There is an inbuilt tool in Linux that can be used to list the services listening on ports of your system. This is important for the following reasons:
  • Any malware or spyware compromising your security can be noticed & traced.
  • You can check on the (unencrypted) packets which can be easily sniffed on an open (wifi) network.
Netstat is the tool. Execute the following command to list the services which are listening on some ports.
$ netstat -nap
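The useful follow-up to that command is to separate the sockets that are reachable from the network from the ones bound only to localhost. The script below is an added example, not part of the original post: it runs awk over output in the `netstat -nap` layout and reports each listening socket with its PID/program. The SAMPLE text is constructed for the example, not captured from a real host.

```shell
#!/bin/sh
# Added example, not from the original post: take the output of `netstat -nap`
# and pick out the listening sockets, separating those bound to every interface
# (0.0.0.0 or :::, reachable from the network) from those bound to localhost.
# SAMPLE is constructed text in the netstat -nap layout, not a capture from a real host.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      905/cupsd
tcp        0      0 192.168.1.1:22          192.168.1.20:51234      ESTABLISHED 1201/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      990/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient'

# Print "proto local-address pid/program" for each socket bound to all
# interfaces. TCP sockets must be in LISTEN state (field 6); UDP rows have no
# state column, so their PID/program is field 6 instead of 7.
# netstat prints "-" for the PID/program when not run as root.
listening_exposed() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" && ($4 ~ /^0\.0\.0\.0:/ || $4 ~ /^:::/) { print $1, $4, $7 }
        $1 ~ /^udp/ && ($4 ~ /^0\.0\.0\.0:/ || $4 ~ /^:::/) { print $1, $4, $6 }
    '
}

# Same report for sockets only reachable on the loopback address.
listening_local() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" && ($4 ~ /^127\./ || $4 ~ /^::1:/) { print $1, $4, $7 }
        $1 ~ /^udp/ && ($4 ~ /^127\./ || $4 ~ /^::1:/) { print $1, $4, $6 }
    '
}

# "live" runs the real command (root shows every program name); anything else
# uses the constructed sample so the script can be tried offline.
report() {
    if [ "${1:-}" = "live" ] && command -v netstat >/dev/null 2>&1; then
        input="$(netstat -nap 2>/dev/null)"
    else
        input="$SAMPLE"
    fi
    echo "Exposed to the network:"
    listening_exposed "$input"
    echo "Localhost only:"
    listening_local "$input"
}

case "${1:-}" in
    live|sample) report "$1" ;;
esac
```

Run it as `sh listen.sh sample` to see the split on the constructed data, or `sudo sh listen.sh live` on a real gateway; anything in the "exposed" list that you did not deliberately publish deserves a look, since the network-facing ones are what the firewall rules in the other posts must cover.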

Sunday, June 27, 2010

Enhance Linux Box Security: Iptables made easy - tutorial part 4

This time we are concerned with the mangle rules of iptables.
Mangling of packets is done only with NAT and is a part of the NAT process. In NAT, we "mangle" a packet by modifying the Source IP address and Destination IP address fields of the IP header.
Format of IP PACKET

Enhance Linux Box Security: Iptables made easy - tutorial part 3.2

We were left with the Destination Network Address Translation part of the NAT rules of iptables.

DNAT, Destination NAT, deals with Prerouting & is used to rewrite the Destination IP address of a packet. It's used for rewriting the destination IP of packets meant for our internal LAN machines. When a packet reaches our external public IP, its destination address is DNATed & the packet is transferred to the local internal LAN machine. DNAT can only be used in the Prerouting & Output chains. It applies to incoming packets/interfaces, therefore `-i` is used. Destination NAT is specified using `-j DNAT`, and the `--to-destination` option specifies an IP address, a range of IP addresses, and an optional port or range of ports (for UDP and TCP protocols only).

Friday, June 25, 2010

Enhance Linux Box Security: Iptables made easy - tutorial part 3.1

This time, we will deal with the NAT rules of iptables. NAT means Network Address Translation.
It is of 2 types - SNAT & DNAT.
SNAT means Source NAT, and deals with Postrouting/Masquerading. The SNAT target rewrites the Source IP address in the IP header of the packet. It's used for hiding the private IPs from the internet. Packets leaving the internal LAN are SNATed when they reach the public IP of the firewall (visible to the internet) & are then transferred to the destination. It appears to the external internet as if our external public IP is the originator of the packet. Postrouting (SNAT) is used in case of static IPs whereas Masquerading is used in case of dynamic IPs.

The `-o` option is used as it is an outgoing interface. `-j SNAT` specifies Source NAT and the `--to-source` option specifies an IP address, a range of IP addresses, and an optional port or range of ports (for UDP and TCP protocols only).

Friday, April 30, 2010

Enhance Linux Box Security: Iptables made easy - tutorial part 2

This time, we will deal with the filter rules of iptables. While using filter rules, we don't need to write filter, as it is the default table in iptables.
We have three chains here: input, output & forward.
Input chain checks those packets which originate outside & are meant for the machine.
Output chain checks those packets which originate from the machine & are meant for outer systems.
Forward chain checks those packets which are being routed through our machine.
The best way of implementing iptables is to create a shell script & execute it.
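The script below is an added example and not the blog's own configuration file. It ties the posts on this page together in one shell script of the kind recommended here: the three filter chains with a default-drop policy, a custom PRINTER chain that keeps the print server reachable only from the 192.168.1.0/24 LAN of the printer post, the SNAT (static IP) or Masquerading (dynamic IP) rule of part 3.1, and the DNAT rule of part 3.2. The interface names eth0/eth1, the public IP 203.0.113.10, the internal web server 192.168.1.50 and the printer ports (631 for IPP/CUPS, 515 for LPD) are assumptions for the example.

```shell
#!/bin/sh
# Added example, not the blog's own script. It builds the firewall the posts
# describe as one shell script: default-drop filter chains, a custom chain that
# keeps the print server reachable only from the 192.168.1.0/24 LAN, and the
# SNAT/MASQUERADE and DNAT rules of the NAT table. Interface names, the public
# IP, the internal web server and the printer ports are assumptions.
set -e

IPT="${IPT:-iptables}"          # set IPT=echo to preview the rules without root
LAN_IF="${LAN_IF:-eth1}"        # assumed LAN-side interface of the gateway
WAN_IF="${WAN_IF:-eth0}"        # assumed internet-side interface
LAN_NET="192.168.1.0/24"        # LAN range from the printer post
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"   # placeholder (RFC 5737 documentation range)
NAT_MODE="${NAT_MODE:-masquerade}"       # "snat" for a static public IP, "masquerade" for dynamic
WEB_SERVER="192.168.1.50"       # assumed internal host published through DNAT
PRINTER_TCP_PORTS="631 515"     # assumed: IPP (CUPS) and LPD

# Start from a clean slate: flush and delete every chain in the filter, nat and
# mangle tables, then make INPUT and FORWARD drop by default.
flush_all() {
    for table in filter nat mangle; do
        $IPT -t "$table" -F
        $IPT -t "$table" -X
    done
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

# Filter table: loopback, established traffic, SSH for administration from the
# LAN only, and LAN -> internet forwarding.
base_filter() {
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
}

# Custom chain: every packet for a printer port is handed to PRINTER, which
# accepts LAN sources and drops everything else (the internet side included).
printer_chain() {
    $IPT -N PRINTER
    $IPT -A PRINTER -s "$LAN_NET" -j ACCEPT
    $IPT -A PRINTER -j DROP
    for port in $PRINTER_TCP_PORTS; do
        $IPT -A INPUT -p tcp --dport "$port" -j PRINTER
    done
    $IPT -A INPUT -p udp --dport 631 -j PRINTER   # CUPS browsing/announcements
}

# Source NAT on the outgoing interface (-o): SNAT with a fixed address for a
# static public IP, MASQUERADE (address taken from the interface) for a dynamic one.
source_nat() {
    if [ "$NAT_MODE" = "snat" ]; then
        $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j SNAT --to-source "$PUBLIC_IP"
    else
        $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
    fi
}

# Destination NAT on the incoming interface (-i): rewrite port 80 on the public
# IP to the internal web server, and let the rewritten packet through FORWARD.
destination_nat() {
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 -j DNAT --to-destination "$WEB_SERVER:80"
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$WEB_SERVER" --dport 80 -j ACCEPT
}

apply_all() {
    flush_all
    base_filter
    printer_chain
    source_nat
    destination_nat
    # Routing between the two interfaces needs forwarding enabled in the kernel.
    [ "$IPT" = "echo" ] || sysctl -w net.ipv4.ip_forward=1
}

# Only touch the live firewall when asked: `sh firewall.sh apply`.
# `IPT=echo sh firewall.sh apply` prints the rules instead of loading them.
if [ "${1:-}" = "apply" ]; then
    apply_all
fi
```

Preview the rule set with `IPT=echo sh firewall.sh apply` before loading it as root; the custom chain makes the printer policy easy to read in `iptables -L PRINTER -n`, and because the jump rules are appended after the established-traffic rule, replies to LAN print jobs are still accepted while new connections from eth0 to ports 631 and 515 end in the chain's DROP.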