Basic Security Measures for FreeBSD
by Szekely Ervin - Thursday, 19 June 2003.
Now, if you are a dial-up user you might have natd enabled either in your rc.conf file or in your ppp.conf file. Disable it by adding or modifying this line in rc.conf:

ppp_nat="NO"

Now let's get down to the firewall rules. Create the /etc/firewall/ directory and start editing the ipfw.rules file (or whatever file name you set in rc.conf) - example.

That's all. Now reboot your machine. To check that the firewall was loaded, type:

ipfw show

You should see the firewall rules you just made. Now your firewall is up and running protecting you from the outside world. If you want to disable your firewall do:

ipfw -f flush

The great thing about ipfw is that you can add rules on the fly. All you have to do is type:

ipfw add Rule_Number Rule

The Rule_Number is important because ipfw checks the rules in rule-number order. For more advanced ipfw rules, read the ipfw man page.

Testing your security

OK, now you have a pretty secure workstation that you can safely connect to the internet. But how can you know that for sure? Test it.

Testing the firewall

For this operation you'll probably need a friend's help (because your firewall was configured to allow localhost connections). Of course, you could instead run something like:

ipfw del 120

ipfw del 130

ipfw del 140

Or whatever the numbers of the rules that allow localhost connections are. Either way you have to find a way to be "outside" the firewall.

Now ask a friend to run an nmap scan against your machine, or run it yourself (you can install nmap in FreeBSD from /usr/ports/security/nmap). The command should be something like:

nmap -v -O -sS your.host.com

If everything is right you should only see the ports you enabled (21 and maybe 80). To check your ftp and httpd security the best way is to look up their version number in a security database like bugtraq, security-focus, packetstormsecurity, etc.
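
One way to automate the "only the ports you enabled" check, as an added example that is not part of the original article: the function below reads nmap's grepable output (`-oG -`) and lists every open port that is not on the allowlist. The function names and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the open ports reported by nmap with the ports
# the firewall is supposed to expose (21 and 80 in this article).

# Constructed sample of nmap grepable output; 192.0.2.10 is a
# documentation address and port 111 is a deliberate "leak".
sample_scan() {
    printf 'Host: 192.0.2.10 (your.host.com)\tStatus: Up\n'
    printf 'Host: 192.0.2.10 (your.host.com)\tPorts: %s\tIgnored State: closed (996)\n' \
        '21/open/tcp//ftp///, 80/open/tcp//http///, 111/open/tcp//rpcbind///, 6000/filtered/tcp//X11///'
}

# unexpected_open_ports ALLOWED_PORT...
# Reads grepable nmap output on stdin and prints each open port that is
# not in the allowlist as "port/proto". Exit status is 1 if any was found.
unexpected_open_ports() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /Ports: / {
            # Fields of a host line are separated by tabs; find "Ports:".
            nf = split($0, fields, "\t")
            for (f = 1; f <= nf; f++) {
                if (fields[f] !~ /^Ports: /) continue
                sub(/^Ports: /, "", fields[f])
                np = split(fields[f], ports, ", ")
                for (p = 1; p <= np; p++) {
                    # Entry layout: port/state/proto/owner/service/rpc/version/
                    split(ports[p], e, "/")
                    if (e[2] == "open" && !(e[1] in ok)) {
                        print e[1] "/" e[3]
                        bad = 1
                    }
                }
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Stand-alone run on the constructed sample. For a real check, pipe in
# the scan instead: nmap -sS -oG - your.host.com | unexpected_open_ports 21 80
if sample_scan | unexpected_open_ports 21 80; then
    echo "only the expected ports are open"
else
    echo "unexpected open ports are listed above"
fi
```

Ports reported as filtered or closed are ignored, so only services that actually answer from outside the firewall are flagged.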
