?
Solved

security

Posted on 2006-11-16
4
Medium Priority
?
204 Views
Last Modified: 2010-04-22
hi i need to apply the following rules on my fedora core 5 box.

I am an apprentice at this computer company and my head IT guy as told me to do the following. And i am not comfortable with it at all.
please help.

Using Iptables.


Blacklist (drop packets from) any host that performs a port scan
Blacklist any host that attempts to use an illegal HTTP method (such as PUT or DELETE)

Limit packets to any one host to a maximum of 10% of the available bandwidth
Log information about any host which transfers more than 100 kb in one connection (do not block the transfer)

Permit ssh connections only from the local network in the day, and only from host not on the local network at night and on weekends
Fingerprint and log the machine type of any host sending a packet to a port on which we are not running a service
Prevent the MySQL server from sending any packets to the network on any port


thanks

theitguy
0
Comment
Question by:theitguy
2 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 1000 total points
ID: 17972162
> Blacklist (drop packets from) any host that performs a port scan
please define port scan, in particular the time slice to be used to detect the scan

> Blacklist any host that attempts to use an illegal HTTP method (such as PUT or DELETE)
don't do that with iptables, iptables is a packet filter, not an application level firewall
If you relly want to make your iptables firewall the performance bottleneck, the you have to use the string module (if you kernel supports it).

> Limit packets to any one host to a maximum of 10% of the available bandwidth
please define bandwidth

> .. local network in the day, and only from host not on the local network at night  ..
not possible with iptables (execpt call external scripts/programs, don't do that!)

> Fingerprint and log the machine type of any host sending a packet to a port on which we are not running a service
see iptables log target

> Prevent the MySQL server from sending any packets to the network on any port
iptables -A FORWARD -s ip-of-MySQL-sever -j DROP
0
 
LVL 8

Assisted Solution

by:jako
jako earned 1000 total points
ID: 18047225
As I see it, you have been given a trying stone and you've failed. Failed to see that it was a test ;) Nobody in their right mind will ever give an apprentice the access to their firewall and an opportunity to mess up their infra. not because of the (falsely) assumed lack of the knowhow, no. rather because of the responsibility.

Before you execute the crontab scripts to modify the ssh related iptables rules or any of the solutions you come up with, to prove that you are up to snuff, ask your superior if he really meant all that and he wants you to implement IDS+traffic_shaping+scripting_magic or it was a joke that he pulled so that they can laugh their a**es off when they see you all worked up and excited working on a "special assignment".

look up snort (http://www.snort.org) and read up on traffic shaping patches for linux kernel (http://lartc.org/) to impress your superior with solutions to some of the tasks from the list.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
Fine Tune your automatic Updates for Ubuntu / Debian
How to fix display issue, screen flickering issue when I plug in power cord to the machine. Before I start explaining the solution lets check out once the issue how it looks like after I connect the power cord. most of you also have faced this…
SQL Database Recovery Software repairs the MDF & NDF Files, corrupted due to hardware related issues or software related errors. Provides preview of recovered database objects and allows saving in either MSSQL, CSV, HTML or XLS format. Ensures recov…
Suggested Courses

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question