Know Your Enemy - Network Security

[Ben Webb]

This is a pretty good article.  I'm currently working an a set of scripts to set IPCHAINS up for 
the security concious home user.  Right now I just need to develop a wrapper for ifconfig so that I 
can just return the IP address.  

When complete, these scripts will set ipchains up so that no tcp connections are allowed in, only 
dns udp from your domain servers (specified in resolv.conf) is allowed in, no outbound traffic is 
allowed to doubleclick, and you will have the option on whether or not to answer icmp requests.  If 
anyone has any ideas on what I should add, please let me know.

Benjamin R. Webb

PS: This configuration passes shieldsup (www.grc.com) and dnsreports (www.dnsreports.com) with 
flying colors.  I've also had people nmap scan me from the internet - they can not identify the OS, 
let alone find any ports.

---------- Original Message ----------------------------------
From: Brian Kelsay <bkelsay at askpioneer.com>
Reply-To: kclug at kclug.org

>  Here's a link to an interesting primer on network security.  It's a real
eye-opener.  I'm only on the first part of three as I'm checking a lot of
the embedded links in the article and actually trying to work today.

Later,
Brian
 
 http://www.enteract.com/%7Elspitz/enemy.html