Internet Security

I am new to this Linux business, I would like to know how to keep my box secure from the outside world, I use dialup connectivity so I do not need Apache or ftp server, so any advise would be helpful, please keep it simple as I am not a Network guru more like a network pleb.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

There are a lot of security sites out there, which will give you a range of things that you can do to improve security. Rather than type out all of it again, I'll point you at a few choice ones...

First the TrinityOS website. Especially Section 8. This says everything I was about to say and more.
It describes in great detail your first lockdown after you install and will make a big difference to the security of your machine.

Second, the security/bugfix page for your linux distrubution. ( This should be available from the homepage eg. Make sure that you keep up to date with the latest security patches.

After that, you can decide how paranoid you want to be. The Trinity OS website tells you about firewalls, and the IPChains HOWTO will tell you more, as will the Firewall HOWTO. Both of the HOWTO's are available at -- and they should also be present in your Linux distribution.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jetforceAuthor Commented:
I haven't had a chance to look at the documents, give me another day , if they are any good I will give you the points.

The Linux Security HOWTO is another good document. Again at

Also, subscribe to bugtraq, and read packetstorm:

Bugtraq is at

Both are invaluable resources for securing your machine.

And you might want to consider running OpenBSD instead of linux--it has fewer inherent security holes.
Assuming you're running a relatively recent distro, there will be kernel firewall support already compiled in.

A "quick'n'effective" tool to make use of this, and block out the majority of outside accesses is Isinglass :

Works well for me - has options to log the packets etc., and has served me well.  Remember that for the most part, people won't expend big effort on cracking a system of "minimal value" - and most of the "easy" attacks are blocked with a kernel-firewall of this nature.

For what it's worth, the worst attempts against my own machines in recent times have been a few portscans, and an EXPN scan on my mailserver.  Because Isinglass shows the vast majority of ports as closed, most attempts stop before they start.  The real rule is that for the services you WILL have open - make sure they're up to date, and keep checking for new security bulletins on them.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.