Solved

security

Posted on 2006-11-16
Last Modified: 2010-04-22
Hi, I need to apply the following rules on my Fedora Core 5 box.

I am an apprentice at this computer company and my head IT guy has told me to do the following. And I am not comfortable with it at all.
Please help.

Using iptables.


Blacklist (drop packets from) any host that performs a port scan
Blacklist any host that attempts to use an illegal HTTP method (such as PUT or DELETE)

Limit packets to any one host to a maximum of 10% of the available bandwidth
Log information about any host which transfers more than 100 kb in one connection (do not block the transfer)

Permit ssh connections only from the local network in the day, and only from hosts not on the local network at night and on weekends
Fingerprint and log the machine type of any host sending a packet to a port on which we are not running a service
Prevent the MySQL server from sending any packets to the network on any port


Thanks

theitguy
Question by: theitguy
4 Comments

Accepted Solution by: ahoffmann (LVL 51, earned 250 total points)
> Blacklist (drop packets from) any host that performs a port scan
please define port scan, in particular the time slice to be used to detect the scan

> Blacklist any host that attempts to use an illegal HTTP method (such as PUT or DELETE)
don't do that with iptables, iptables is a packet filter, not an application level firewall
If you really want to make your iptables firewall the performance bottleneck, then you have to use the string module (if your kernel supports it).

> Limit packets to any one host to a maximum of 10% of the available bandwidth
please define bandwidth

> .. local network in the day, and only from host not on the local network at night  ..
not possible with iptables (except call external scripts/programs, don't do that!)

> Fingerprint and log the machine type of any host sending a packet to a port on which we are not running a service
see iptables LOG target

> Prevent the MySQL server from sending any packets to the network on any port
iptables -A FORWARD -s ip-of-MySQL-server -j DROP
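The items the accepted answer leaves open (what counts as a port scan, how to log closed-port probes, how to gag a local MySQL daemon) can be written down concretely. The script below is an added example, not code from the thread: it generates a complete iptables-restore ruleset and only hands it to the kernel when run with --apply. Everything about the network is a constructed assumption: the LAN is 192.168.1.0/24, the box itself runs MySQL as the user mysql, the only listening TCP services are 22 and 80, and a "port scan" is defined as 5 packets to closed ports within 60 seconds (the recent match). The ssh day/night rule uses the time match, which mainline kernels ship from 2.6.24 onward as xt_time; on Fedora Core 5 it was still a patch-o-matic extension. HTTP method filtering and bandwidth shaping are deliberately left out: the first belongs in a proxy, the second in tc (see lartc.org), not in the packet filter.

```shell
#!/bin/sh
# Added example (not from the original post): generate an iptables-restore
# ruleset for the feasible items in the question, review it as text, then
# load it atomically. All addresses and ports are constructed placeholders.
#
#   sh iptables-rules.sh            # print the ruleset for review
#   sh iptables-rules.sh --apply    # load it with iptables-restore (as root)

LAN="192.168.1.0/24"        # constructed: the local network
SERVICE_PORTS="22,80"       # constructed: TCP ports that actually have a service

# Emit the ruleset in iptables-restore syntax. iptables-restore ignores
# lines starting with '#', so the explanations travel with the rules.
build_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SSH_DAY - [0:0]
:SSH_NIGHT - [0:0]
:BIGXFER - [0:0]
-A INPUT -i lo -j ACCEPT
# "Port scan" made concrete: 5 or more hits on closed ports within 60 s.
# --update refreshes the timestamp, so a host stays blacklisted while it
# keeps sending. Hosts are entered into the list near the end of INPUT.
-A INPUT -m recent --name portscan --update --seconds 60 --hitcount 5 -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j BIGXFER
# ssh: LAN only on weekdays 08:00-18:00, non-LAN hosts only outside that
# window. xt_time evaluates times in UTC unless told otherwise; splitting
# into two chains avoids a time range that wraps past midnight.
-A INPUT -p tcp --dport 22 -m state --state NEW -m time --timestart 08:00 --timestop 18:00 --weekdays Mon,Tue,Wed,Thu,Fri -j SSH_DAY
-A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_NIGHT
-A SSH_DAY -s $LAN -j ACCEPT
-A SSH_DAY -j DROP
-A SSH_NIGHT ! -s $LAN -j ACCEPT
-A SSH_NIGHT -j DROP
-A INPUT -p tcp -m multiport --dports $SERVICE_PORTS -m state --state NEW -j ACCEPT
# Anything left is a packet to a port with no service: remember the sender
# for the scan counter and log the packet. TTL, window size and TCP/IP
# options in the log are passive fingerprinting material; iptables itself
# cannot identify the remote OS, that is a job for a tool reading the log.
-A INPUT -m recent --name portscan --set
-A INPUT -m limit --limit 10/minute --limit-burst 20 -j LOG --log-prefix "closed-port: " --log-tcp-options --log-ip-options
-A INPUT -j DROP
# Log, but do not block, a connection once it has carried more than 100 kB
# (assumed to mean 102400 bytes) in both directions combined. Connmark bit
# 0x1 records that the connection has already been logged, so it is logged once.
-A BIGXFER -m connbytes --connbytes 102400: --connbytes-dir both --connbytes-mode bytes -m connmark --mark 0x0/0x1 -j LOG --log-prefix "big-xfer: "
-A BIGXFER -m connbytes --connbytes 102400: --connbytes-dir both --connbytes-mode bytes -m connmark --mark 0x0/0x1 -j CONNMARK --set-mark 0x1/0x1
-A BIGXFER -j ACCEPT
# A MySQL daemon on this box may not send to the network on any port. The
# owner match exists only in OUTPUT; for a separate MySQL host behind this
# box acting as gateway, the FORWARD rule from the accepted answer applies.
-A OUTPUT ! -o lo -m owner --uid-owner mysql -j DROP
-A OUTPUT -m state --state ESTABLISHED,RELATED -j BIGXFER
COMMIT
EOF
}

# Load the ruleset atomically: iptables-restore rejects the whole file if a
# single line is invalid, so a typo cannot leave the box half-filtered.
# Requires root and kernels with the recent, time, connbytes and owner matches.
apply_rules() {
    build_rules | iptables-restore
}

case "${1:-}" in
    --apply) apply_rules ;;
    *)       build_rules ;;
esac
```

Run it without arguments first and read the output; the counters in brackets are zero because the file is a fresh policy, not a dump of a live table. Closed-port and big-xfer log lines land in the kernel log with the given prefixes, which is what a log watcher or an IDS such as the one jako mentions below would consume.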
 
LVL 8

Assisted Solution

by:jako
jako earned 250 total points
Comment Utility
As I see it, you have been given a trying stone and you've failed. Failed to see that it was a test ;) Nobody in their right mind will ever give an apprentice the access to their firewall and an opportunity to mess up their infra. Not because of the (falsely) assumed lack of know-how, no. Rather because of the responsibility.

Before you execute the crontab scripts to modify the ssh related iptables rules or any of the solutions you come up with, to prove that you are up to snuff, ask your superior if he really meant all that and he wants you to implement IDS+traffic_shaping+scripting_magic, or it was a joke that he pulled so that they can laugh their a**es off when they see you all worked up and excited working on a "special assignment".

Look up Snort (http://www.snort.org) and read up on traffic shaping patches for the Linux kernel (http://lartc.org/) to impress your superior with solutions to some of the tasks from the list.