Linux Network Security
Linux Firewall management
Regardless of your firewall type (proxy, packetfiltering, etc), it is not a good idea to have a firewall performing any more services than absolutely necessary. The services are best limited to the minimum services required to run the machine. I recommend that you do not provide NFS, TFTP, BOOTP, DHCP, web services, mail services, samba services, FTP, or telnet on your firewall unless absolutely necessary. If you must provide these services, be careful with wild cards in their configuration files that may allow blocks of systems or users to have access to your machine. Also if you are running these services, you should monitor security postings on these services so you are aware of any security holes associated with that particular service. If you must provide telnet or FTP, be sure you configure your tcp wrapper in the inetd.conf file for these services, and set the hosts.all and hosts.deny files as restrictive as possible. See the section on inetd services for information on how to do this. Policies for a firewall:
- Disable IP forwarding
- Limit services
- Monitor log files carefully including logfiles on any services running.
- Limit write access to files and directories on the firewall.
- Implement policies to prevent denial of services attacks along with IP spoofing and IP fragmentation attacks. Enabling user quotas can help prevent denial of service attacks.
- Limit access to services with the hosts.allow and hosts.deny files.
- Set parameters in your TCP wrapper and any other services to protect against anyone pretending to have another host's name or address. See the section on inetd.
- Be sure your /etc/securetty file will not allow root logins from unsecured locations.
Check your system log files often. They are in the /var/log directory. Check the log files /var/log/secure and var/log/messages daily. Also carefully monitor log files on any extra services you are running on your firewall.
General network policies