44 Comments
- 5m0k3, on 10/12/2007, -7/+27 Switching to Linux is the first (and arguably, most important) security measure.. :)
- blkdiamond, on 10/12/2007, -0/+16 A much more in-depth list of security tools:
http://sectools.org/
- xJudahx, on 10/12/2007, -2/+16 you're a tool
- x3nos, on 10/12/2007, -0/+13 Wow a front page Linux article that doesn't have Ubuntu in the title! I am impressed.
- ndonohue, on 10/12/2007, -1/+11 Every time I log into Digg, there's something about linux on the front page. I can honestly say this place has been my single greatest resource for switching.
- DoctaStooge, on 10/12/2007, -0/+7 @ troopneuman
"there are tons of high quality FREE Linux tools here"
um, you do know that pretty much everything made for Linux is open source and free right?
Also, this isn't the place to spam links to crappy sites.
- ViceVirtue, on 10/12/2007, -0/+6 IP Tables (part of the kernel)
Most/All firewall applications are basically an interface to that system.
- bluemonki, on 10/12/2007, -0/+6 as xJudahx said : "You're a tool"
- senfo, on 10/12/2007, -1/+7 You're a complete moron. DHCP has nothing to do with how people can access your computer. It stands for Dynamic Host Configuration Protocol, and is a protocol designed for assigning dynamic IP addresses to devices on a network. If your background servers have security holes (including weak passwords, for example) any attacker with half a brain could find his way in. Stop spewing your nonsense on digg.
- ViceVirtue, on 10/12/2007, -0/+4 Gentoo linux has many, if not all available SE Linux options
- robojerk, on 10/12/2007, -0/+4 He must get paid for linking that site or something...
- BransonLAN, on 10/12/2007, -0/+4 So what you're saying is that you don't need a firewall unless you're running a server of some type?
- senfo, on 10/12/2007, -0/+3 If you can't even get your terminologies correct, don't even bother trying to argue against my post. DHCP has absolutely nothing to do with a firewall, routing or NAT. Get that through your head. If that were the case, nearly every cable, DSL and dialup customer on the planet would be secure because every ISP I know of requires DHCP to assign an address to the customer machine unless the customer specifically requested a static IP.
What's protecting users behind those devices from Best Buy isn't DHCP, it's the fact that there is no route to connect Internet traffic to the host at the other side. Learn basic routing techniques, then come back and we can talk.
- jdwyckoff, on 10/12/2007, -1/+4 Firestarter
http://www.fs-security.com/
- simpleid, on 10/12/2007, -0/+3 Linux STD live CD is handy as well...
http://s-t-d.org
- clearzen, on 10/12/2007, -0/+3 I think Metasploit should be on that list
- x3nos, on 10/12/2007, -0/+3 I haven't been to insecure.org in awhile. Thanks for reminding me. And it looks to still be maintained and updated. Very cool.
I seem to remember PHLAK being in their list at one point too. Didn't see it in the first 50.
- ndonohue, on 10/12/2007, -1/+3 Can anyone tell me a good firewall application for linux? greatly appreciated.
- themattreid, on 10/12/2007, -0/+2 These apps are all very basic security tools that any sysadmin or secadmin would already know about. Besides they missed several good apps:
  - Nikto
  - GHBA
  - Ettercap
  - Etherape
  - TcpDump
  - So many more...
A very useful security site: http://zone-h.org and downloads of 1000s of security tools and scripts http://www.zone-h.org/component/option,com_remository/Itemid,47/
- skymt, on 10/12/2007, -1/+3 "Top 10 AWESOME Ubuntu security tools!"
Title says it all.
- bbnkstr, on 10/12/2007, -1/+3 no thanks, i prefer Google
- beermad, on 10/12/2007, -0/+1 Guarddog (http://www.simonzone.com/software/guarddog/) is a very good GUI tool which you can use to generate a customised firewall using iptables. Much easier than editing the rules yourself.
- valkyries, on 10/12/2007, -0/+1 smoothwall seemed to be easy to setup, and it's only 50mb
- Darksat, on 10/12/2007, -0/+1 If you want security, get backtrack linux.
I'm surprised Clam Antivirus is at number 3
This is probably a better list.
http://darksat.x47.net/index.php?topic=684.0
- Agret, on 10/12/2007, -0/+1 @beermad
That's debatable, I find editing myself to be much easier.
- inactive, on 10/12/2007, -0/+1 STD is quite an awesome distro indeed! I also like how the default WM is fluxbox. Not many live CDs do that anymore.
- skymt, on 10/12/2007, -0/+1 @senfo: "You're not pointing out anything because everything you said was wrong."
Okay, I'll listen. Tell me what exactly a Firewall does on a stock Ubuntu or Arch desktop. Linux firewalls don't do application-level blocking of outgoing connections, so that's out. Any distro worth using doesn't install and run Sendmail, Apache or similar in the default desktop install. What is there to block?
EDIT: Heh, forgot to hit "reply". Look 5 threads up.
- senfo, on 10/12/2007, -1/+2 You're not pointing out anything because everything you said was wrong.
- schestowitz, on 10/12/2007, -1/+2 Also, Novell has Apparmor < http://www.novell.com/linux/security/apparmor/ >, but they have lost their way.
- inactive, on 10/12/2007, -0/+1 great list, though not for most people really.
Most people are fine with Suse + App Armor or Redhat/Fedora + SE Linux and just have iptables setup right, have clamav... maybe be behind a nat or router and you're good to go.
Now if you're talking enterprise level, then yeah.. you might want to consider these tools.
Just like with any OS though, do your updates folks.
- trigxm, on 10/12/2007, -0/+0 have a look at
http://www.localareasecurity.com/
no doubt, mentioned several times.
- allanq, on 10/12/2007, -0/+0 I recommend also checking out the list of Top 100 Network Security Tools.
http://sectools.org/
- Sotired, on 10/12/2007, -2/+2 Fine if you have no reason to access a box remotely. However there are loads of people out there with loads of different scenarios/usage. If you think your system can not be compromised, regardless of OS, you are mistaken. I happen to be one of those monkeys needing a firewall.
@ ndonohue, most distros have a firewall option, you may just have to do a little digging (not DIGGING) to see what applies to you. While AMIGHTYWIND is somewhat correct, that you are basically safe(ish) behind a router, if you do any port forwarding, you do need to secure your machine. You probably don't need a dedicated firewall but a firewall app on the box should give you a reasonable level of protection.
If someone wants onto a system bad enough they will get in. I stand by that belief.
- drag, on 10/12/2007, -0/+0 rootkit detection software is not good.
It'll just serve to lull you into a false sense of security..
I am not saying that you shouldn't use them, just keep in mind that they are unable (as in probably a 70-90% failure rate) to detect any sort of rootkit that is remotely modern (that is modern kernel level rootkits).
The way you detect those is by using Tripwire in a correct manner.. that is boot the system up in a trusted system (like a live linux cdrom) and store the checksums on read-only (or always normally offline) media.
Of course that is a huge pain in the ass. The thing you can do as normal users is be pro-active in your security. Really anti-virus, anti-spyware, anti-rootkit stuff is a complete waste of time unless it leads to a detection. After you detected or think there is something wrong a wipe and reinstall of the OS is the easiest and best way to clean out a rootkit. This is the same for any other OS.
- drag, on 10/12/2007, -0/+0 Well I just want to point out the fact that although you are right (mostly) you're not actually counteracting anything senfo said. Whether or not you need a firewall or don't need a firewall doesn't have anything to do with DHCP. The other person (amightywind) originally stated they were safe because they were using DHCP, which is completely irrelevant.
Arguing further is just confusing the issue, you're going off on the tangent about firewalls even though nothing about firewalls was originally stated and nothing Senfo said had anything to do with firewalls. You're probably not telling him anything he does not already know.
(plus although I think it's possible to do application-specific firewalls in Linux, that sort of thing is generally worthless and not really worth your time.)
- inactive, on 10/12/2007, -3/+2 @senfo
Get your head out of your ass and accept a simple idea. I am pointing out that most users are not running web or other public servers. Make sure no public servers are running unnecessarily so there is nothing to firewall. Does that make it simpler for you? Stick to Windoze you cretin.
- skymt, on 10/12/2007, -2/+1 You don't need a firewall on a Linux desktop. If you aren't running any server software, no incoming connections will be accepted anyway. If you are running a server, why would you want to block your clients?
The only time a firewall on a desktop machine is actually useful is on Windows, which has a few network services enabled by default.
- thesteampunk, on 10/12/2007, -2/+1 It looks like the article is listing independent software bundles, not kernel modules.
- snowzone, on 10/12/2007, -1/+0 is this really news? i went there expecting to see something new. anybody using linux is probably already familiar with/using these tools.
they're likely too advanced for linux newbies
- randomc0de, on 10/12/2007, -3/+1 @senfo
Amightywind is pointing out that running a DHCP server means any box on the subnet is NAT'ted through the server. So if the server has one service running - DHCP, and ignores all connections from the outside, it is essentially a hardware firewall. Actually, it's the definition of a hardware firewall. That's why all those gateway/routers you see at Best Buy advertise they have a built in firewall. They really don't... but technically they do. I know DHCP isn't crucial to NAT, but almost nobody sets static IP addresses on a home network.
As far as outside connections go, turn on SSH, disable root logins, ban IPs after 3 misses, and don't use any one-word login names. You can tunnel anything over SSH. If you tell me SSH isn't secure, I'll show you an internet that would fall apart if that were true.
- inactive, on 10/12/2007, -10/+5 If you are a DHCP Linux client user (most people), you have no need for firewalls or other security tools. Make sure your background servers run as the appropriate user (nobody) and understand your system's group permission structure. Use non-trivial passwords. Gentoo provides a very thin, safe base system. By default you will not be running inetd or RPC services. There is no path into your system. I laugh at you monkeys running elaborate firewalls.
- ajneil, on 10/12/2007, -8/+0 Waste of space, buried. Not even a mention of selinux.
- inactive, on 10/12/2007, -17/+0 there are tons of high quality FREE linux tools here
http://www.searchjerk.com/cgi-bin/smartsearch/smartsearch.cgi?keywords=free%20high%20quality%20linux%20tools
- inactive, on 10/12/2007, -48/+0 there are tons of high quality FREE linux tools here
http://www.searchjerk.com/cgi-bin/smartsearch/smartsearch.cgi?keywords=free%20high%20quality%20linux%20tools

