IT Support NZ wrote:

G'day IT Support NZ,

<snip>


Should I be running ipchains/iptables/whatever locally (on the server,
because it's on 24/7, and on the laptops because they might be plugged
in to someone else's network). If so, why? And why would I need that on
top of locking down sshd on the only open port?





I'd agree with you really. Until you start hosting other services on your servers, there's not too much of a need.

I would just check and see what ports are open - run an nmap of your server from horse or something - and take any appropriate action. My router has a 'default destination' option, which I don't use! Mind you, you could have some fun with it.


It depends on how security conscious you are. If you have laptops going outside your firewall and coming back in then your main server is open to any malicious code which has hit your laptops .. a server based firewall would slow that down or stop it rather than leaving all ports open on your intranet.

The other thing is how much do you trust your router? There are a number of 
exploits, most notably for Cisco and other big name routers which can crack 
your gateway wide open.

I agree with doing an nmap or visiting grc.com and doing the shieldsup test on 
your system from an external location.

As for the default destination ... I tend to point my nat rules (except for 
those being used to open ports to the net) to a bogus computer such as 
10.66.66.66. This computer doesn't exist and so you have the router 
transparently passing through packets and the (non-existent) machine not 
answering .. thus you are a black hole in the water. It makes your machine 
disappear off the net. This is doubly effective if you explicitly check port 
135 and port 0 and make sure those are routed as well.

And before someone tells me there is no port zero ... I know .. but it is an 
exploit that can be used to determine the existence of an otherwise hidden 
firewall or router.

HTH,

Shane





Glad you brought the laptop stuff up Shane, I forgot but meant to. Obviously it does pertain more to M$ products, but it's a surefire way to circumvent any firewalls you have in place. If this is a common occurrence, it may well be worth you looking at sticking up an ipcop or similar firewall, and setting up a dmz for them to use so you can control what's happening a bit better.

Steve
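To make the "why a host firewall on top of a locked-down sshd" point concrete, here is an added example (not from anyone in this thread) of a minimal default-deny iptables rule set for a server whose only listening service is sshd. It assumes an intranet range of 192.168.1.0/24 and sshd on port 22, both placeholders; it emits the rules by default and only applies them with `--apply` as root.

```shell
#!/bin/sh
# Added example, not from the thread. A host firewall for a box whose only
# open port is sshd. Defaulting INPUT to DROP means anything a laptop brings
# back onto the intranet is filtered in the kernel before it reaches any
# daemon, and SSH connection attempts are rate-limited before sshd sees them.
# Assumed values (not stated in the thread): LAN range and sshd port.
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed intranet range
SSH_PORT="${SSH_PORT:-22}"             # assumed sshd port

# Emit the rule set as iptables commands, one per line, without running them.
host_firewall_rules() {
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp --dport ${SSH_PORT} -s ${LAN_NET} -m conntrack --ctstate NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport ${SSH_PORT} -s ${LAN_NET} -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 5 --name SSH -j DROP
iptables -A INPUT -p tcp --dport ${SSH_PORT} -s ${LAN_NET} -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -s ${LAN_NET} -j ACCEPT
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "HOSTFW DROP: "
EOF
}

# Number of rules appended to the INPUT chain (useful as a sanity check).
count_input_rules() {
    host_firewall_rules | grep -c -- '-A INPUT'
}

# Dry-run by default; pass --apply (as root) to load the rules.
apply_host_firewall() {
    if [ "${1:-}" = "--apply" ]; then
        host_firewall_rules | sh
    else
        host_firewall_rules
    fi
}

apply_host_firewall "$@"
```

After applying, rerun the external nmap or ShieldsUP check mentioned above: only the SSH port should answer, and only from the LAN range.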
