Solved

security

Posted on 2006-11-16
Last Modified: 2010-04-22
Hi, I need to apply the following rules on my Fedora Core 5 box.

I am an apprentice at this computer company and my head IT guy has told me to do the following, and I am not comfortable with it at all.
Please help.

Using iptables.


Blacklist (drop packets from) any host that performs a port scan
Blacklist any host that attempts to use an illegal HTTP method (such as PUT or DELETE)

Limit packets to any one host to a maximum of 10% of the available bandwidth
Log information about any host which transfers more than 100 kb in one connection (do not block the transfer)

Permit ssh connections only from the local network in the day, and only from hosts not on the local network at night and on weekends
Fingerprint and log the machine type of any host sending a packet to a port on which we are not running a service
Prevent the MySQL server from sending any packets to the network on any port


thanks

theitguy
Question by:theitguy
4 Comments
 
LVL 51

Accepted Solution

by: ahoffmann (earned 1000 total points)
ID: 17972162
> Blacklist (drop packets from) any host that performs a port scan
please define port scan, in particular the time slice to be used to detect the scan

> Blacklist any host that attempts to use an illegal HTTP method (such as PUT or DELETE)
don't do that with iptables; iptables is a packet filter, not an application-level firewall.
If you really want to make your iptables firewall the performance bottleneck, then you have to use the string module (if your kernel supports it).

> Limit packets to any one host to a maximum of 10% of the available bandwidth
please define bandwidth

> .. local network in the day, and only from host not on the local network at night  ..
not possible with iptables (except by calling external scripts/programs, don't do that!)

> Fingerprint and log the machine type of any host sending a packet to a port on which we are not running a service
see iptables log target

> Prevent the MySQL server from sending any packets to the network on any port
iptables -A FORWARD -s ip-of-MySQL-server -j DROP
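An added example, not from the thread: a shell function that prints an iptables-restore ruleset covering the port-scan, logging, ssh and MySQL items, with the definitions ahoffmann asks for made explicit (a scan is SCAN_HITS new connections to unserviced ports within SCAN_WINDOW seconds, tracked by the recent match; the time match, in mainline kernels since 2.6.24, handles the day/night ssh split without external scripts). Assumptions: the LAN is 192.168.1.0/24, HTTP on port 80 is the only public service, and MySQL runs on the box itself under the mysql user, so an owner match on OUTPUT replaces the FORWARD rule ahoffmann gives for a separate MySQL host.

```shell
#!/bin/sh
# Added example: print an iptables-restore fragment; review it, then load it
# with `gen_rules | iptables-restore`. Addresses and thresholds are assumptions.
LAN=192.168.1.0/24   # assumed local network
SCAN_WINDOW=60       # a "port scan" = SCAN_HITS new connections to unserviced
SCAN_HITS=10         #   ports from one source within SCAN_WINDOW seconds
BLOCK_SECS=3600      # a detected scanner stays blacklisted this long after its last hit

gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:UNSERVED - [0:0]
:BLACKLIST - [0:0]
-A INPUT -i lo -j ACCEPT
# Blacklisted scanners are dropped until BLOCK_SECS pass without a new hit
-A INPUT -m recent --name scanners --update --seconds $BLOCK_SECS -j DROP
# Log (do not block) connections that have moved more than 100 kB in either direction
-A INPUT -m connbytes --connbytes 102400: --connbytes-dir both --connbytes-mode bytes -m limit --limit 1/min -j LOG --log-prefix "BIG XFER: "
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ssh: LAN during working hours; non-LAN in the evening, early morning and on weekends
-A INPUT -p tcp --dport 22 -s $LAN -m time --timestart 08:00 --timestop 18:00 --weekdays Mon,Tue,Wed,Thu,Fri -j ACCEPT
-A INPUT -p tcp --dport 22 ! -s $LAN -m time --timestart 18:00 --timestop 23:59 -j ACCEPT
-A INPUT -p tcp --dport 22 ! -s $LAN -m time --timestart 00:00 --timestop 08:00 -j ACCEPT
-A INPUT -p tcp --dport 22 ! -s $LAN -m time --weekdays Sat,Sun -j ACCEPT
# ssh outside its window is dropped quietly, not counted as a scan
-A INPUT -p tcp --dport 22 -j DROP
# The only public service; every other new connection is a probe of an unserviced port
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -m state --state NEW -j UNSERVED
# Count probes per source; the SCAN_HITS-th within SCAN_WINDOW seconds blacklists it
-A UNSERVED -m recent --name probes --set
-A UNSERVED -m recent --name probes --rcheck --seconds $SCAN_WINDOW --hitcount $SCAN_HITS -j BLACKLIST
# TTL, window size and TCP options in the log line are what passive OS fingerprinting reads
-A UNSERVED -m limit --limit 5/min -j LOG --log-prefix "UNSERVED PORT: " --log-ip-options --log-tcp-options
-A UNSERVED -j DROP
-A BLACKLIST -m recent --name scanners --set -j LOG --log-prefix "PORTSCAN: "
-A BLACKLIST -j DROP
# Local MySQL may still talk to localhost, but nothing it sends leaves the box
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner mysql -j DROP
COMMIT
EOF
}

gen_rules
```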
 
LVL 8

Assisted Solution

by: jako (earned 1000 total points)
ID: 18047225
As I see it, you have been given a trying stone and you've failed. Failed to see that it was a test ;) Nobody in their right mind will ever give an apprentice access to their firewall and an opportunity to mess up their infra. Not because of the (falsely) assumed lack of know-how, no; rather because of the responsibility.

Before you execute the crontab scripts to modify the ssh related iptables rules or any of the solutions you come up with, to prove that you are up to snuff, ask your superior if he really meant all that and he wants you to implement IDS+traffic_shaping+scripting_magic or it was a joke that he pulled so that they can laugh their a**es off when they see you all worked up and excited working on a "special assignment".

Look up Snort (http://www.snort.org) and read up on traffic shaping patches for the Linux kernel (http://lartc.org/) to impress your superior with solutions to some of the tasks from the list.
