security/firewall on Linux desktop at home - connection to the Intenet
E.S. Rosenberg
esr+linux-il at g.jct.ac.il
Tue Aug 1 16:03:52 IDT 2017
Hi Dan,
2017-07-31 20:12 GMT+03:00 Dan Shimshoni <danshimsh at gmail.com>:
> Hi, Linux-il,
> My question is about securing the Internet access from a Linux Desktop(at
> home) to the Internet via ISP ; my setup is quite old:
> Dlink BR-6504N (IEEE802.11b/g/n) wireless router which is connected to ADSL
> bezeq device (in my case it
> is quite old - DSL 2500U), but the question is *in general*. The question is
> - which firewall
> is recommended to be running on the Linux Desktop ? (let's say it is either
> Fedora or Ubuntu). Do you rely on firewalld for Fedora and ufw of
> Ubuntu ? or do you recommend something else ?
Your router should be acting as a firewall already.
If you want a firewall on the stations too because you allow strangers
on your network then ufw and firewalld are both frontends to the same
firewall subsystem in the kernel so it's just a question of what you
find easier and what ships with your distribution.
> And regarding the Dlink router - do you recommend any other wireless router
> with special security features ? what should we pay attention when
> purchasing a new wireless router, related to these aspects ? or is it enough
> to have the firewall software on the
> desktop itself ?
I recommend routers that can run OpenWRT/LEDE (openwrt.org /
lede-project.org - it seems they are supposed to unify again but
things move slow) since the manufacturers usually don't keep their
devices all that up-to-date, I also recommend that you continue to
operate the way you seem to already be doing that the Bezeq modem is a
seperate device connected to the WAN port of a router you have 100%
control over since their devices (and all ISP devices) can't be
considered trusted due to the general lack of 100% control over said
devices (Bezeq can remotely enter and change settings on most routers
they sell).
>
> My main focus here is avoiding intrusion into the Linux desktop, but
> avoiding viruses is also important. Is there a (free) good Anti-virus sw for
> a Linux desktop that you can recommend?
Responsible computer usage, not working as root, installing from
trusted sources and keeping your system up-to-date will do most for
your security, also intrusion in generally only possible if you are
running or installed services that allow remote access to begin with.
I believe there are vendors of AV software for Linux but can't say
anything about its' necessity.
HTH,
Eliyahu - אליהו
>
> Regards,
> Dan
>
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
More information about the Linux-il
mailing list