From: "Ben Webb" <brwebb@transmuto.com> Date: Fri, 14 Jul 2000 12:35:37 -0500 Subject: Re: kclug - Know Your Enemy - Network Security Message-Id: <200007141230828.SM00337@mail.transmuto.com>
This is a pretty good article. I'm currently working an a set of scripts to set IPCHAINS up for the security concious home user. Right now I just need to develop a wrapper for ifconfig so that I can just return the IP address.
When complete, these scripts will set ipchains up so that no tcp connections are allowed in, only dns udp from your domain servers (specified in resolv.conf) is allowed in, no outbound traffic is allowed to doubleclick, and you will have the option on whether or not to answer icmp requests. If anyone has any ideas on what I should add, please let me know.
Benjamin R. Webb
PS: This configuration passes shieldsup (www.grc.com) and dnsreports (www.dnsreports.com) with flying colors. I've also had people nmap scan me from the internet - they can not identify the OS, let alone find any ports.
---------- Original Message ----------------------------------
From: Brian Kelsay <bkelsay@askpioneer.com>
Reply-To: kclug@kclug.org
Date: Fri, 14 Jul 2000 12:35:37 -0500
> Here's a link to an interesting primer on network security. It's a real
eye-opener. I'm only on the first part of three as I'm checking a lot of
the embedded links in the article and actually trying to work today.
Later,
Brian
http://www.enteract.com/%7Elspitz/enemy.html
============================================================
Mailing list powered by: Majordomo 1.94.5
To unsubscribe from this list, send mail to
majordomo@kclug.org and in the body put:
unsubscribe kclug
============================================================
--------------C43F33A32338B8EDF57825D7