Hi Dan, 2017-07-31 20:12 GMT+03:00 Dan Shimshoni <[email protected]>: > Hi, Linux-il, > My question is about securing the Internet access from a Linux Desktop(at > home) to the Internet via ISP ; my setup is quite old: > Dlink BR-6504N (IEEE802.11b/g/n) wireless router which is connected to ADSL > bezeq device (in my case it > is quite old - DSL 2500U), but the question is *in general*. The question is > - which firewall > is recommended to be running on the Linux Desktop ? (let's say it is either > Fedora or Ubuntu). Do you rely on firewalld for Fedora and ufw of > Ubuntu ? or do you recommend something else ? Your router should be acting as a firewall already. If you want a firewall on the stations too because you allow strangers on your network then ufw and firewalld are both frontends to the same firewall subsystem in the kernel so it's just a question of what you find easier and what ships with your distribution. > And regarding the Dlink router - do you recommend any other wireless router > with special security features ? what should we pay attention when > purchasing a new wireless router, related to these aspects ? or is it enough > to have the firewall software on the > desktop itself ? I recommend routers that can run OpenWRT/LEDE (openwrt.org / lede-project.org - it seems they are supposed to unify again but things move slow) since the manufacturers usually don't keep their devices all that up-to-date, I also recommend that you continue to operate the way you seem to already be doing that the Bezeq modem is a seperate device connected to the WAN port of a router you have 100% control over since their devices (and all ISP devices) can't be considered trusted due to the general lack of 100% control over said devices (Bezeq can remotely enter and change settings on most routers they sell). > > My main focus here is avoiding intrusion into the Linux desktop, but > avoiding viruses is also important. Is there a (free) good Anti-virus sw for > a Linux desktop that you can recommend? Responsible computer usage, not working as root, installing from trusted sources and keeping your system up-to-date will do most for your security, also intrusion in generally only possible if you are running or installed services that allow remote access to begin with.
I believe there are vendors of AV software for Linux but can't say anything about its' necessity. HTH, Eliyahu - אליהו > > Regards, > Dan > > _______________________________________________ > Linux-il mailing list > [email protected] > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > _______________________________________________ Linux-il mailing list [email protected] http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
