Revision history - LinuxExchange

Revision history[back]

1) Setup pfSense on a PC with 2 NICs, one for LAN and one for WAN. The LinkSys SOHO stuff is nice, but limited. 2) Yes, running a firewall on the PC itself is good, but that's like locking your bedroom door, whereas locking down a router is like locking the front door to your house. The router is the most important of the two, but both is ideal. Also remember, that you can lockdown user accounts by specifying which ports may go in and out...so Marcy can FTP out, but Tom cannot. 3) Learn iptables via the command line. It will be invaluable. 4) Do not REJECT packets, as that verifies something is there, instead, DROP them. 5) Use fwbuilder (Firewall Builder) to make configuring your firewall easier, but do NOT use this as a substitute for NOT learning iptables via the command line. Remember, it's more important HOW your firewall is configured vs which firewall you use -- regardless of the features of it. 6) Security is not a setting. It is a mindset. It is a way of thinking, acting, and being every second of every day. The greatest strength in security is also the greatest weakness as well.... that of the end-user. 7) It is not a matter of IF, but WHEN someone WILL get in if they want into a system or network bad enough. 8) In Ubuntu 10.04LTS, sudo apt-get install iptables-persistent && sudo ufw enable 9) About doing things as the root user, you can do the same amount of damage as sudo. FOr example, login as root and rm -rf /* and sudo it, the results are the same...the difference is that when you login as the root user, x.org and everything else has root privileges as well. Ubuntu by default disables the root account, which limits many issues. 10) While not Linux (it's BSD), OpenBSD is very secure, as is SELinux. All Linux is secure, moreso than Windows, but those variants of Linux/ BSD are even more so. EDIT: While many recommend firestarter and it is indeed a good program, I highly recommend fwbuilder instead because of its features and flexibility.

Please note that LinuxExchange will be shutting down on December 31st, 2016. Visit this thread for additional information and to provide feedback.