View Full Version : basic post-hdinstall security

09-03-2005, 11:02 PM
I'm new to knoppix. What do I need to do right after installing to get secure? I know most new boxes get probed quickly so I'm anxious to get my security up.

Harry Kuhman
09-03-2005, 11:16 PM
For a start and for a DSL user like yourself, I consider a router an absolute must. I would not connect high speed without one. Windows is more vulnerable than Linux, and Knoppix run from CD is pretty secure. But Linux attacks are getting worse, and particularly if you think installing Knoppix to hard disk is a good idea, then I would start at using a router.

A DSL/cable router will give you a good hardware firewall and your system can't be "probed" through it unless you set it up wrong, do something stupid like run an infected program, or move into the "dmz". These things are dirt cheap now; my little Linksys originally cost arround $150, I paid over $100 for it and it was still worth it (and I'm a cheap s.o.b.). Now this and other routers, many even wireless routers, are frequently sold at $10 US or less after reate and usually not much more without a rebate. You can still buy expensive routers, but they are not usually a good choice. If you don't know why you need an expensive one, don't just think it must be better because it costs more.

A router will also make your use of Knoppix much cleaner. You will not have to run PPPoE software, for example. And if you still use Windows that will be much safer (after you clean out the infections you must have by now without one).

I expect others will join in with some of the Linux security and firewall issues as well.

09-04-2005, 03:09 AM
Getting a router is the tip of the iceberg when it comes to security. Everyone is eventually going to have to open a port or use a service of some kind, besides there are known exploits for 2wire routers, certain linksys models, and plenty of reverse backdoors that barely give notice to the router. I would suggest doing the following things to begin.
-Edit /etc/inetd.conf and comment out any services you don't need
-Google rc.firewall
-Get a rookit hunter
-You may want to look into /etc/hosts.allow and hosts.deny if you only have certain people you want connecting
-Always use public keys for ssh
-Do not trust anyone

Anyway you can build on this but this is good for getting secure quickly.