[Cialug] DMZ, router's firewall and web server's, security...

[Jeff Davis]

afan at afan.net wrote:
>> Is your router doing NAT and SPI?  
> I'm not sure, but I think not.
What is the brand and model of your router?


>> Do you run AV on your windows boxen?
> Sorry, what's AV?
Sorry, that'd be anti-virus.


 >> Do you run any banking or tax software on your PC's?
> No. Just simple web server to start to learn web server administration.
So if you did get hacked, they can read your
LUG mail and what you emailed to grandma.
Not good but better than them having access to your
last 6 years of tax returns and all your QuickBooks files.
(Skipping my ramblings about hackers installing netcat, key loggers, etc.)


>>If you said yes to the first 3 and no to these then you're probably ok.
>> Unless you're paranoid or someone is targeting you for some reason.
> I think I'm ok. It's just that I was "confused" by people I talked to. But, now I found they have no idea what they were talking about. :)
Remember context.  If you're asking someone who only uses linux at home and
does Solaris administration at work, they may not be considering your XP box
when answering your question.

Security folks will recommend that you always keep a hardware
firewall between you and the internet, use a policy of 'DENY ALL'
(including outbound traffic), then make rules to allow what you need.
This is a good idea, but it requires ongoing administration.
(Security isn't a Ronco cooker, you can't "set it and forget it.")
If mom has to call mediacom because she has a problem they'll ask her
to connect directly to the cable modem and bypass the firewall, gamers
will be opening ports to play, there will eventually be a firmware update, etc.

Keep an eye on your bandwidth, if you look you'll probably notice
when someone hacks you and is running a warez site off your box.

IMHO for the average joe, a nat router doing spi, no open inbound
port settings, and keeping an eye on bandwidth is probably enough.
(That doesn't mean I think you're safe.)

-Jeff