Mis-guided people everywhere now probe security flaws
in servers connected to the Internet.
Even though the ISPs I use at the moment supply a
dynamic IP address for each Internet connection, I decided it would be
prudent to set up a simple firewall suitable for protecting a single
user system connected via a standard dial-up connection (using ppp).
For Windows 98, I decided to purchase Norton Personal
Firewall from Symantec. Some
time later (when upgrading to Broadband Internet) I found this was
having a detrimental effect on the performance of my PC, which I was
unable to resolve at the time. Hence I disabled it and installed ZoneAlarm.
For Linux, I decided that rather than installing a third
party package, it would be interesting to use IP packet filtering
techniques to create a firewall. For details refer to my article Linux firewalls.
Testing, testing, testing
A friend suggested I test the security of the firewalls
by connecting to http://www.dslreports.com/scan.
This site works out your IP address from the connection, and tries to
connect back on various ports, producing a report with warnings grouped
into various security levels. Using this, I was able to test the
security of the firewall as I created it.
One word of warning - your ISP may have an acceptable
use policy which prohibits use of certain security tools including port
scanning tools.
|