Kitz Forum

Computer Software => Linux => Topic started by: Weaver on June 19, 2019, 08:58:23 AM

Title: Securing machine exposed to internet
Post by: Weaver on June 19, 2019, 08:58:23 AM
I have an Ubuntu machine that is hosted. It’s currently sitting in the internet with no firewall in front of it. Could someone help me to secure it to a sane standard, also firewalling considerations?
Title: Re: Securing machine exposed to internet
Post by: parkdale on June 19, 2019, 01:21:50 PM
https://help.ubuntu.com/community/IptablesHowTo will explain how to set a firewall... Although I seem to remember you had a go at this before and locked yourself out :-\
Title: Re: Securing machine exposed to internet
Post by: Weaver on June 19, 2019, 04:10:51 PM
I did, and ended up locked out. I talked to Burrakucat about that. I have no problem in that I don’t lose anything, as all my sources are backed up on my iPad, but having to reinstate everything by hand is a pain after I wreck the machine and have to wipe it. I need to get some system sorted out for backing up the core configuration stuff. But that is a nightmare.

Another question I wanted to ask about software firewalling. I am obviously not completely shielding the machine from loss of CPU cycles but I suppose the software firewall throws things away before it can have any further knock-on implications caused by processes that accept requests for communication on particular ports and go on to do something or other even if it is only to find out after a very short time that the communicant is illegitimate and thus rejecting it. Maybe the firewall provides a shortcut to rejection, in a guaranteed minimum time.

If you are not using firewalling as a form of ACL security measure, where the blocking of certain ports / protocols is used to prevent users running certain types of software successfully. But if you have no rogue users then is there any point to a software firewall?

I was also thinking about other security basics though. What else should I be thinking of?

Burrakucat has volunteered to nmap me.
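
Added example, not part of any post in this thread: one way to put a default-deny inbound firewall on a remote host without repeating the lockout mentioned above, by loading the rules with a timed rollback. The function names, the SSH port (22), the file paths and the confirmation-file mechanism are assumptions made for this sketch.

```shell
#!/bin/sh
# Constructed example. Assumptions: IPv4 only (ip6tables needs its own rules),
# SSH on TCP 22, and iptables-save / iptables-restore installed.

# Print an iptables-restore ruleset: drop inbound by default; allow loopback,
# replies to traffic this host started, ping, and new TCP to the given ports.
gen_rules() {
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Load a rules file, then restore the previous rules unless the operator
# confirms within the timeout from a NEW SSH session (proof of access).
# Run as root inside tmux/screen so the rollback survives a dropped session.
apply_with_rollback() {
    rules_file=$1; timeout=${2:-60}
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    iptables-restore --test < "$rules_file" || return 1   # parse only
    iptables-restore < "$rules_file" || return 1
    echo "Loaded. Log in again from a second terminal, then: touch $backup.ok"
    sleep "$timeout"
    if [ -e "$backup.ok" ]; then
        echo "Confirmed: keeping the new rules."
    else
        iptables-restore < "$backup" && echo "Not confirmed: old rules restored."
    fi
    rm -f "$backup" "$backup.ok"
}

# Usage (as root): gen_rules 22 > /root/rules.v4 && apply_with_rollback /root/rules.v4 120
```

Rules loaded this way are not persistent, so a reboot also clears them; make them permanent only once the set is confirmed working.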