desk top security with DSL

pkands · #1 6th August 2004, 02:30 PM

I am using FC2 with the default wirewall on my home desktop. Should I be using a hardware router for security with the DSL connection?
Thanks.

Quella · #2 6th August 2004, 02:42 PM

As a security consultant, I would recommend that you use a hardware firewall along with your host firewall. If you do not wish to spend the money on a hardware firewall, I would suggest you make some good choices on how your firewall is configured on the FC2 box. I would also recommend that you disable all services that you will nto be using on this system helping to mitigate security risks. I would also setup YUM to do the automated update installs to keep your software updated from security issues.

My few thoughts.

Quella

Ned · #3 6th August 2004, 03:09 PM

I totally agree

Running the software firewall with all services closed will give you pretty good protection (all your posts will be stealthed - you can check this at www.grc.com - use the ShieldsUp tool)

Then disable all services such as ssh, ftpd, httpd etc that you're not running and as said above, keep your system up to date.

Don't forget the importance of good strong passwords - mix lower and uppercase alphanumerics and symbols.

A simple NAT router will give you a further level of hardware protection and a modern one with an spi (stateful packet inspection) firewall is better still. The consumer models are not that expensive - I recently bought a netgear DG834 ADSL modem/router with 4-port switch and SPI firewall built in for £62.00.

Either way, you'll be a lot better protected than those poor souls running a MS OS

Hope that helps,

Ned

Quella · #4 6th August 2004, 03:13 PM

NED...thanks for the followup and additional data on the use of strong passwords. I really like to use passphrases myself. Linux can support three or four word sentances that can be easy to remember. Things like "MyCatIsBlue", etc. Sometimes these can be stronger than just a password. Great advice NED.

Quella

Ned · #5 6th August 2004, 11:34 PM

No problem.

Whilst on the subject of passwords, another good tip is to choose a phrase you can remember and use the first letters/numbers of it alternating upper and lower case. e.g.

"one fine day I took my dog for a walk at the beach"

could be

1FdItMdFaW@Tb

You get the idea - simple to remember but long, apparently random and containing numbers, upper and lower case characters and symbols. Makes it very difficult to crack.

People tend to overlook passwords, often choosing very simple ones, unless forced by their system admin to do otherwise. Then they forget them so they end up writing them down

Ned

crackers · #6 7th August 2004, 04:51 AM

And stick them to their monitors on PostItNotes (tm). Or in the bottom of the top-right drawer.

*sigh*

Ned · #7 7th August 2004, 06:06 AM

Quote:

Originally Posted by crackers

And stick them to their monitors on PostItNotes (tm). Or in the bottom of the top-right drawer.

*sigh*

hhmmm...

Exposed password = written warning
3 written warnings = instant dismissal

It's absolutely amazing how once someone loses their job, others soon start taking what you're saying seriously

I'm a nice guy really

Ned

crackers · #8 7th August 2004, 07:05 AM

Fortunately, around my workplace, most of the now-Managers used to be Unix weenies. I haven't seen either of those incredibly dumb "reminders" in over 5 years. I think it might be endemic to Windows users...