Security in Depth: Use Multiple Firewalls [COLUG]
Bill Baker
bill_chris at earthlink.net
Thu Jan 11 17:06:55 EST 2007
On Thu, 2007-01-11 at 15:39 -0500, Jim wrote:
> Bill Baker wrote:
>
> > On Thu, 2007-01-11 at 13:26 -0500, Jim wrote:
> > > It's prudent to [run a firewall on your Linux box
> > > (in _addition_ to the dedicated firewall)].
> >
> > Why? I already have a separate firewall running on my network.
>
> Security in depth.
>
> This is even more important since you have Windows computers
> on your LAN. Windows computers are easily compromised, even
> behind firewalls, and are then used as a jumping board from
> which to attack and compromise other computers on the LAN.
> It's easier to attack compromise your Linux computer from a
> Windows computer on your LAN than it is to directly attack your
> Linux computer from the Internet.
>
> > > When you do use iptables, check your Samba stuff including smb:// again.
> > > I think it took seven rules to get SMB and NMB to work.
> >
> > Rob's solution seems to have fixed it for me.
> > Are you saying I still need to do more?
>
> Yes.
>
> You need to get the firewall stuff running on your Linux computer.
> When you do that, it'll likely break some things that used to work.
> Two of the things likely to be broken are the SMB and NMB protocols.
> I was giving you a head's up on that.
Okay. Thanks for your advice.
More information about the colug432
mailing list