Admin Digest: The Basics of Linux Network Security
Stop The Evil Forces Of The Internet With Firewalls
Rob Reilly
Monday, January 6, 2003 01:36:47 PM
A firewall is a device that protects a private network from the wider
Internet. The simplest form of firewall is a Linux machine with one
network connection ( an Ethernet card or modem ) connected to the
Internet and the other connected to the private network. The Firewall
computer can reach the protected network and the Internet. This
traffic between the protected network and the Internet is controlled,
in both directions by a list of rules. These rules can be customized
for your needs. CoyoteLinux.com has a firewall
system that fits on a floppy and doesn't need a hard disk to run.
It's design specifically to address the need for an easy to install
no-nonsense Linux firewall.
You might take a look at running a hardware firewall appliance. These
devices are small routers or switches that have built-in firewalls.
They generally allow limited setup of rules to allow packets to pass
back and forth. They don't provide as much flexibility for rules as
dedicated Linux firewalls. Usually the availability is good with some
even being equipped with four or more RJ-45 ports and a wireless access
point, all for around $100.
All data flowing to and from the Internet and the private network is
filtered by the firewall. Inside the private network less care needs
to be taken with turning off services and the like. It is a way of
concentrating effort on making one machine secure and protecting many
others in the process. The methods for correctly setting up firewalls
are quite complex. First you have to configure your machine for two
Ethernet cards. Then you have to use the IP-chains/IP-tables software
to set up filters which connect the two Ethernet cards data links.
The main drawback with making your systems more secure is that they
become less accessible. The idea behind ramping up your system's
security is to stop use of your computers, by crooks, thieves and
malcontents. Before implementing any of the ideas in this article you
should consider carefully the opposite side of the coin: the systems
are there to be used by your users! Linux has a wide range of
security tools and by carefully combining various techniques and
programs, you should be able to come up with a good balance between
ready access and system security.
Rob Reilly (aka:
"Dr. Torque") is a senior technology consultant, whose work includes
Linux, business integration, innovation training and occasional hot
rodding excursions. He frequently writes and speaks about these and
other topics. He has 16 years experience in the high technology,
manufacturing and the utilities industries. He is always
'on-the-lookout' for stories and projects that focus on Linux,
business and the cutting edge. Send him a note or visit his web site
at http://home.cfl.rr.com/rreilly.
« Back: Introduction
