Linux Firewall - Page 4.5

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Discover Firewalls News

JavaScript Malware Strikes Firewalls

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

All ports were open to the world and practically every application had holes in it. It was like the Wild West. Eventually application security became a big deal as more serious issues were uncovered and more commerce depended upon secure platforms. Network security was next on the scene. It made sense to build a single choke point for all security needs. It was slick because it could see all the packets in transit to and from your servers, and turn off all access to anything that had a known hole in it. Those were the good times. Times have since changed.

Cisco Flaws Leave Firewalls, VPNs Vulnerable

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Network routing and switching giant Cisco Systems has issued an alert for a potentially serious security flaw affecting multiple firewall products, warning that the bug could cause passwords to be changed without any user interaction.

Firewall Chip Gets Funding

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

EU funding of 2 million Euros has been announced for a major new three-year project to develop a re-configurable photonic 'firewall on a chip'. Called WISDOM, (WIrespeed Security Domains Using Optical Monitoring), the new system will plug a major gap in the global data network security armoury - the lack of tools to implement security checks and algorithms directly at high optical data communications rates.

Super Firewall Aims to Stop DDOS

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Computer researchers in Europe are developing a new prototype architecture for halting distributed denial-of-service (DDOS) attacks, where a barrage of traffic is directed at a Web site or server to shut it down.The Diadem Firewall deploys both hardware and software on the edge of a provider's network rather than within, said Georg Carle, chair of the computing and Internet department at the University of T

iptables: The Linux Firewall Administration Program

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

"Packet-Filtering Concepts," covers the background ideas and concepts behind a packet-filtering firewall. Each built-in rule chain has its own default policy. Each rule can apply not only to an individual chain, but also to a specific network interface, message protocol type (such as TCP, UDP, or ICMP), and service port or ICMP message type number. Individual acceptance, denial, and rejection rules are defined for the INPUT chain and the OUTPUT chain, as well as for the FORWARD chain, which you'll learn about at the end of this chapter and in Chapter 6, "Packet Forwarding." The next chapter pulls those ideas together to demonstrate how to build a simple, single-system, custom-designed firewall for your site.

Installing a firewall on Ubuntu

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Ubuntu's desktop install provides a bunch of useful software for desktop users, but it doesn't install a firewall by default. Luckily, it's really simple to get a firewall up and running on Ubuntu. Frankly, I'm glad that the default install doesn't set up a firewall. Most of my computers live behind a firewall at all times anyway, and I've always been annoyed by installers that demand I deal with firewall questions when I've already got the situation well in hand. If I want a firewall on a machine, I can set one up on my own. Since Ubuntu is, in part, aimed at corporate desktops, a firewall is unnecessary for many installations.

Standards In Desktop Firewall Policies

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The idea of a common desktop firewall policy in any size organization is a very good thing. It makes responses to external or internal situations such as virus outbreaks or network-oriented propagation of viruses more predictable. In addition to providing a level of protection against port scanning, attacks or software vulnerabilities, it can provide the organizations local security team a baseline or starting point in dealing with such events. The purpose of this article is to discuss the need for a desktop firewall policy within an organization, determine how it should be formed, and provide an example of one along with the security benefits it provides an organization.

Security Without Firewalls: Sensible Or Silly?

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

For years, infosec experts have called the firewall a critical ingredient to security, whether it's in a large enterprise or on a home PC. But the San Diego Supercomputer Center (SDSC) has defied that logic with what some would consider surprising success. Abe Singer, computer security manager for the SDSC's Security Technologies Group, explained how companies can maintain strong firewall-free security at the 2006 USENIX Annual Technical Conference Thursday. He has also produced a presentation (.pdf) on the subject.

MicroWorld to Launch Futuristic Network Firewall

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

MicroWorld Technologies launched its futuristic, enterprise class firewall eConceal. eConceal is a comprehensive network firewall developed to prevent unauthorized access to a computer or network connected to the Internet. It enforces a boundary between two or more networks by implementing default or user-defined Access Control Policies or Rules. These rules function as filters by analyzing data packets to see if they fulfill the filter criteria and then allow or block the traffic accordingly.

Test-driving RouterOS 2.9

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Would you like to have a Linux-based router capable of doing tasks such as stateful firewall inspection, virtual private networking, and traffic shaping, in addition to packet routing? Tired of having to do administration from the command line but want to be able to administer your box from a Windows-based client PC? MikroTik's RouterOS may what you need. You can boot RouterOS via diskette, CD, or over the network via PXE or Etherboot-enabled network interface card. You can find a full list of RouterOS technical specifications at the homepage.

How To Test Your Linux-Distro Firewall

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Recently, I wrote an article about "How to scan your Linux-Distro for Root Kits". Now that the machine is... clean! I think, a good thing TO-DO, is to test my Firewall (AGAIN!) The good news are that we can use the free tool FTester. The bad news are that FTester needs to be configured right...So...Let's get to work!

Firewall Migration

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

When birds migrate, they expend a huge amount of energy winging their way from one place to another, depending on sheer endurance to complete the journey safely. And so, it seems, it goes with with security managers faced with swapping out their gateway firewalls. Firewall migration for mid- to large-sized enterprises in particular appears to be a lengthy project indeed when organizations migrate from one vendor's firewall to another since by all accounts, firewall product design differs substantially. Our story this week looks at the topic.

All-in-one Linux Firewall touts ease of use, advanced features

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

If you haven't checked out Endian Firewall yet, download the code and give it a try. Endian Firewall is a packaged Linux security distribution that combines several open source firewall, VPN and anti-virus packages with a hardened Linux operating system. There are many Linux security appliance packages out there, so Endian is hoping to differentiate its distribution with ease-of-use management and set-up features. According to the developers' Web site, the "turn-key" package was created with "usability in mind ... without losing its flexibility." A set of browser-based wizards is used for setup, configuration and maintenance, and the software can be installed via the RPM package manager standard.

Roll Your Own Firewall

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Over the years I have learned how to roll my own firewall script and call it from /etc directory. Of course, my firewall is only INPUT based, instead of INPUT and OUTPUT based, but I find that building an INPUT/OUTPUT based firewall is tremendously difficult and not really all that necessary if you use good download practices on your Linux server or PC and/or if you're already behind a NAT router (such as a home-based DSL or cable router or wireless router) or other firewall.

Review: Advancing Firewall Protection

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

With more than one million users, U.K.-based SmoothWall’s Firewall may just be the most popular software firewall that has yet to become a household name. Test Center engineers recently took at look at products from SmoothWall to see what all the buzz is about and to see exactly why one million users have chosen the product.

Adaptive Firewalls with iptables

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Up until now, we've looked at stateless and stateful firewalls. Remember, stateless firewalls only have the features of a given packet to use as criteria for whether that packet should be passed, blocked, or logged. With a stateful firewall, in addition to the fields in that packet, we also have access to the kernel's table of open connections to use in deciding the fate of this packet. There's a problem, though. Picture an attacker that has launched attacks against almost every port on our web server box for the past half hour. The firewall has successfully repelled all of them, but now the attacker turns her attentions to port 80. All of the hostile overflow attempts are let through unhindered. Why? Because the firewall ruleset allows all traffic to the web server through, and our firewall can't remember the fact that this IP address has been pounding all the other ports on the system.

Help's A Firewall Away

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Flash back to December 2002. Barely in his 20s, self-taught network engineer and help-desk staffer Joel Bomgaars is frustrated because firewalls prevent him from accessing PCs of users needing help. At his cubical at systems integrator Business Communications Inc., he has an epiphany: Instead of accessing the user's computer, have the user request help by going to a Web site. That would clear the firewall hurdles, because firewalls only block incoming messages. The idea worked, and Bomgaars was able to connect with a user within 10 seconds.

Free Tool for Netfilter Announced

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In an effort to support the open source community, Solsoft Inc., the leading provider of network security policy management software, today announced its Solsoft NetfilterOne, a graphical interface that will automate the design, deployment and documentation of security rules and policies as they pertain to a networked netfilter firewall.

IptablesWeb v.1.0

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

IptablesWeb is a free software (under GPL licence): it makes possible to inspect iptables logs by using a web browser. It's a plugin-based multilanguage software written in PHP using 3 free php classes. More information: IptablesWeb