UNIX/ Linux | Firewall | Exp - 10
Firewall and Proxy Server
A firewall is software used to maintain the security of a private network. Firewalls block unauthorized access to or from private networks and are often employed to prevent unauthorized Web users or illicit software from gaining access to private networks connected to the Internet. A firewall may be implemented using hardware, software, or a combination of both.
A firewall is recognized as the first line of defense in securing sensitive information. For better safety, the data can be encrypted.
Firewalls generally use two or more of the following methods:
- Packet Filtering: Firewalls filter packets that attempt to enter or leave a network and either accept or reject them depending on the predefined set of filter rules.
- Application Gateway: The application gateway technique employs security methods applied to certain applications such as Telnet and File Transfer Protocol servers.
- Circuit-Level Gateway: A circuit-level gateway applies these methods once a connection, such as a Transmission Control Protocol (TCP) session, has been established and packets start to flow.
- Proxy Servers: Proxy servers can mask real network addresses and intercept every message that enters or leaves a network.
- Stateful Inspection or Dynamic Packet Filtering: This method compares not just the header information, but also a packet’s most important inbound and outbound data parts. These are then compared to a trusted information database for characteristic matches. This determines whether the information is authorized to cross the firewall into the network.
For more info visit Techopedia
Iptables
Iptables is an extremely flexible firewall utility built for Linux operating systems. Whether you’re a novice Linux geek or a system administrator, there’s probably some way that iptables can be a great use to you. Read on as we show you how to configure the most versatile Linux firewall.
How to configure the firewall manually:
Working with iptables manually can be complicated. We have a quick fix at the bottom of our section you can try. Read on for more.
Step 1: Retrieve the Iptables firewall:
Iptables is pre-installed on almost every Linux distribution. You can use this command to retrieve the package:
sudo apt-get install iptables
Step 2: Discover what Iptables is already configured to do by default:
Run the following command to list the rules currently in place:
iptables -L
Step 3: You can decide to modify the existing rules or instead start afresh:
To start afresh, flush all existing rules with this command:
iptables -F
Step 4: Decide which firewall ports to close:
First block the common lines of attack by running the following commands:
Block XMAS packets (all TCP flags set):
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
Block NULL packets (no TCP flags set):
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
Block SYN-flood packets (new connections that do not start with SYN):
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
Step 5: Decide which firewall ports to leave open:
Here are some ports you could decide to leave open:
For outgoing connections:
- 80/tcp for HTTP
- 53/udp for DNS
- 443/tcp for HTTPS (secured HTTP)
- 21/tcp for FTP (File Transfer Protocol)
- 465/tcp for SMTP (send emails)
- 25/tcp for Insecure SMTP
- 22/tcp for SSH (secure connection from computer to computer)
- 993/tcp&udp for IMAP (receive emails)
- 143/tcp&udp for Insecure IMAP
- 9418/tcp for GIT (version control system)
For Incoming connections:
- 993/tcp&udp for IMAP (receive emails)
- 143/tcp&udp for Insecure IMAP
- 110/tcp for POP3 (old way to receive emails)
- 22/tcp for SSH (secure connection from computer to computer)
- 9418/tcp for GIT (version control system)
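Steps 4 and 5 together describe one ruleset. The script below is an added example, not part of the original page: it writes that ruleset as text in iptables-restore format so it can be reviewed, and tested without root, before it is loaded. The incoming port list copies the page's list above; the function names, the loopback/ESTABLISHED rules (needed so the "outgoing" ports still get their replies once INPUT defaults to DROP), and the /tmp save path are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: build the ruleset that Steps 4
# and 5 describe as a text file in iptables-restore format, so it can be
# reviewed and checked before it is loaded. Port lists copy the page's
# "incoming" list; function names and the save path are assumptions.

INCOMING_TCP="993 143 110 22 9418"   # IMAP, insecure IMAP, POP3, SSH, Git
INCOMING_UDP="993 143"               # the page lists IMAP as tcp&udp

# Print the complete ruleset to stdout.
build_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to our own outgoing connections must pass, otherwise
# none of the "outgoing" ports in Step 5 work with a default-DROP INPUT chain.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Step 4: drop XMAS, NULL and non-SYN "new" packets.
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
EOF
    # Step 5: open only the listed incoming ports; everything else hits the
    # INPUT chain's DROP policy.
    for p in $INCOMING_TCP; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $INCOMING_UDP; do
        printf '%s\n' "-A INPUT -p udp --dport $p -j ACCEPT"
    done
    echo COMMIT
}

# rule_opens_port PROTO PORT -> exit 0 if the generated ruleset accepts it.
# The trailing space keeps "22" from matching "220".
rule_opens_port() {
    build_ruleset | grep -q -- "-A INPUT -p $1 --dport $2 "
}

# Number of inbound ACCEPT rules, as a quick sanity check against the list.
open_port_count() {
    build_ruleset | grep -c -- '--dport'
}

# Write the ruleset to a file and load it (loading needs root). Keeping the
# file lets you diff it against the live rules: iptables-save | diff - FILE
apply_ruleset() {
    file=${1:-/tmp/ruleset.v4}   # assumed path for this example
    build_ruleset > "$file"
    if [ "$(id -u)" -ne 0 ]; then
        echo "ruleset written to $file; run as root to load it" >&2
        return 1
    fi
    iptables-restore < "$file"
}
```

Note that the outgoing ports (80, 443, 53 and so on) get no INPUT rule at all: the OUTPUT policy is ACCEPT and the ESTABLISHED,RELATED rule lets the replies back in, so `rule_opens_port tcp 80` correctly fails while `rule_opens_port tcp 22` succeeds.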
Step 6: Save your firewall configuration
Type the following commands to review the rules you have configured, save them, and restart your firewall:
iptables -L -n
iptables-save | sudo tee /etc/sysconfig/iptables
service iptables restart
(The /etc/sysconfig/iptables path and the iptables service are the Red Hat-style locations; on Debian and Ubuntu, the iptables-persistent package saves rules to /etc/iptables/rules.v4 instead.)
Tools to assist you with the iptables configuration:
If this is too complicated for you, you can use tools such as fwbuilder or UFW. Here, we will run you through the UFW Uncomplicated Firewall.
The UFW is a front-end for iptables that makes configuring the firewall easier while working with iptables.
Step 1: Type this command into the terminal to install UFW:
# apt-get install ufw
Step 2: Next, enable the firewall:
# ufw enable
Step 3: Set the default policies:
# ufw default deny incoming
# ufw default allow outgoing
This will deny all incoming connections and allow all outgoing ones. To specify which incoming connections to allow, do the following:
Step 4: Allow specific connections. For example, to allow SSH:
# ufw allow ssh
Step 5: Verify that the firewall is active and your rules have been saved:
# ufw status verbose
- Rules may be deleted with the following command:
# ufw delete allow ssh
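As an added example (not from the original page or the UFW project), the script below checks the output of `ufw status verbose` for the state Steps 2 to 5 are meant to produce: firewall active, incoming denied by default, and the SSH rule present. The sample output is constructed to match ufw's format; the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: verify `ufw status verbose`
# output against the expected end state of the UFW steps above.
# SAMPLE_STATUS is constructed to match ufw's output format.

SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# ufw_check STATUS_TEXT PORT/PROTO -> exit 0 when the firewall is active,
# incoming is denied by default, and PORT/PROTO is allowed in; otherwise
# prints the first failing check and exits 1.
ufw_check() {
    status=$1
    want=$2
    printf '%s\n' "$status" | grep -q '^Status: active' \
        || { echo "firewall is not active"; return 1; }
    printf '%s\n' "$status" | grep -q '^Default: deny (incoming)' \
        || { echo "incoming is not denied by default"; return 1; }
    printf '%s\n' "$status" | grep -Eq "^$want +ALLOW IN " \
        || { echo "$want is not allowed in"; return 1; }
    echo "ok: $want reachable, everything else blocked by default"
}

# ufw_allowed_in STATUS_TEXT -> list of IPv4 port/proto entries allowed in.
# The "(v6)" rows have "(v6)" in the second column, so they are skipped.
ufw_allowed_in() {
    printf '%s\n' "$1" | awk '$2 == "ALLOW" && $3 == "IN" { print $1 }'
}

# Live use (needs root and ufw installed):
#   ufw_check "$(sudo ufw status verbose)" 22/tcp
```

Because `ufw allow ssh` resolves the service name through /etc/services, the rule appears in the status output as `22/tcp`, which is the form the check looks for.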
For more info visit resellerclub