college computer security
pezplaya
08-22-2004, 12:40 PM
I just moved into a dorm today, just starting as a freshman this year. I got linux connecting to the network and everything, and right now I'm using firestarter as a firewall. I'm really not sure how good firestarter really is, it's detecting hits on my computer like every second. That got me thinking that I may need to get a different firewall or something like that. What I basically need to do is browse the web, and use gaim (aim). I don't need to do much more. I disabled a lot of the daemons that start with the computer such as ssh so nobody has access to my computer that way. What other daemons are good to disable?
I guess I'm just asking if anyone has good advice to give me about how to secure my pc better, and maybe suggest a good firewall I could use. If you have any good links that would be great too.
Right now I'm using gentoo on my laptop. I just synced my pc, and did an emerge system.
Daedrus
08-22-2004, 01:18 PM
From what I remember when I was screwing around with firestarter, it gives you a list of anything that hits your ip address. If you turn off notices for anything that isn't directed at your IP in particular, you will get far less notices, but everything else is still blocked. If you want to keep everything out and don't feel ready to mess with iptables, Smoothwall is a decent firewall and it is easy to set up.
fatTrav
08-22-2004, 01:23 PM
often times in college just having physical security (keeping your room locked when away) and running a non-windows os (linux, unix) will deter anything nefarious.
most guys in CS depts don't know linux or if they do they only know half a dozen commands. hell, all i did to my computer when i left was turn the monitor off. didn't lock down the terminal or gui ever. you'd be surprised how many people, nerds and very determined roommates included, who would give up trying to mess with your computer if after moving the mouse the monitor didn't turn on.
security through obscurity pezplaya.
ssh is damn secure...unless they have your username and password it would be nearly impossible to ssh into your box. remote access is certainly worth a very small security gap, if it can even be called that.
bwkaz
08-22-2004, 01:54 PM
Originally posted by pezplaya
I'm really not sure how good firestarter really is, it's detecting hits on my computer like every second.
That, in and of itself, does not mean that the firewall is bad, or that it's letting anything through.
In fact, getting a different firewall will not help out with this "problem" at all, anyway -- your firewall cannot affect the traffic hitting your network card, all it can do is drop some of it (and optionally log it). ;)
Gertrude
08-22-2004, 02:38 PM
As long as the firewall is blocking the traffic it is doing what it is supposed to, so there is nothing to worry about. Just make sure you keep everything patched, updated and use decent passwords.
I would guess what you are seeing is perfectly normal. It is just all kinds of Windows broadcast traffic, and virus infected computers making noise on the network.
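The replies above say that a firewall can only drop (and optionally log) what arrives, and that most of the hits are broadcast noise; this can be checked from the log itself. The following is an added example, not part of the original thread: it assumes dropped packets are logged in the kernel's netfilter LOG format, and the sample lines, addresses and function names are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in netfilter LOG format (not taken from the thread).
SAMPLE_LOG = """\
Aug 22 12:40:01 laptop kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=10.20.3.17 DST=10.20.3.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=4312 PROTO=UDP SPT=137 DPT=137 LEN=58
Aug 22 12:40:01 laptop kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:66:08:00 SRC=10.20.3.90 DST=10.20.3.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=991 PROTO=UDP SPT=137 DPT=137 LEN=58
Aug 22 12:40:02 laptop kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=10.20.3.17 DST=10.20.3.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=4313 PROTO=UDP SPT=138 DPT=138 LEN=209
Aug 22 12:40:02 laptop kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:77:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=7 PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 22 12:40:03 laptop kernel: IN=eth0 OUT= MAC=00:aa:bb:cc:dd:ee:00:11:22:33:44:88:08:00 SRC=10.20.3.61 DST=10.20.3.42 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2210 DF PROTO=TCP SPT=3321 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of one LOG line; the first occurrence wins
    (LEN appears twice on UDP lines: IP length first, then UDP length)."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields

def summarize(log_text, my_ip, cidr):
    """Tally logged packets by (class, protocol, destination port)."""
    me = ipaddress.ip_address(my_ip)
    net = ipaddress.ip_network(cidr)
    tally = Counter()
    for line in log_text.splitlines():
        f = parse(line)
        if "SRC" not in f or "DST" not in f:
            continue  # not a netfilter LOG line
        dst = ipaddress.ip_address(f["DST"])
        if dst == me:
            kind = "directed"      # aimed at this host specifically
        elif dst == net.broadcast_address or dst.is_multicast or f["DST"] == "255.255.255.255":
            kind = "broadcast"     # subnet chatter every host on the segment sees
        else:
            kind = "other"
        # ICMP lines carry no DPT field, so fall back to "-"
        tally[(kind, f.get("PROTO", "?"), f.get("DPT", "-"))] += 1
    return tally

if __name__ == "__main__":
    # my_ip and cidr are assumed values for the constructed sample
    for key, count in summarize(SAMPLE_LOG, "10.20.3.42", "10.20.3.0/24").most_common():
        print(count, *key)
```

Only the "directed" rows are traffic aimed at the machine itself; the "broadcast" rows are the kind of notice that can be silenced without changing what is blocked.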
pezplaya
08-22-2004, 10:08 PM
Originally posted by bwkaz
That, in and of itself, does not mean that the firewall is bad, or that it's letting anything through.
In fact, getting a different firewall will not help out with this "problem" at all, anyway -- your firewall cannot affect the traffic hitting your network card, all it can do is drop some of it (and optionally log it). ;)
Yea, that's what I figured. I assumed firestarter was doing everything fine, just thought I would make sure and check what others thought.
Thanks guys.
chrism01
08-23-2004, 02:52 PM
Ideally there should be a (simple) way of listing all the services that are set to boot for a given runlevel. Eg on RH9 it's under System Settings/Server Settings/Services.
I imagine gentoo has a similar tool somewhere.
I'd recommend turning off any filesharing eg nfs, rpc, samba services. Also xinetd (super daemon) which controls things like default ftp and telnet daemons.
Make sure you keep up to date with security patches.
I'm guessing you are at University, so there will be Linux aware people around, not to mention on the net...
You may want to look at tools like Tripwire, www.chkrootkit.org, nmap and www.bastille-linux.org.
rbrimhall
08-23-2004, 03:06 PM
http://www.linuxkungfu.org/
http://jetblackz.freeprohost.com/Usingiptables.html
I've used the 2nd on Slack and it was a breeze to set up; they have instructions for other distros too.