
Security is an important but complex topic.

So I’ll be doing a series of articles focusing on the principles and workings of Linux security.

The challenge is that security is a moving target. Software we think of as secure can become insecure as attackers figure out how to break through whatever safeguards were once coded in.

For users, that means staying vigilant: keeping on top of your system and treating security as a recurring task rather than something you do once and consider finished. In this article, I’m going to run through the best practices for keeping your system secure. I’m not a hacker or a security expert, so I’m not going to get very detailed. Instead, I’m going to explain some basic, fundamental, and essential security concepts and give you a few manageable things to do to keep your computer secure. In this series of articles, we’re going to discuss:

The user and superuser concept and how and why it keeps your computer secure

Linux viruses (and anti-viruses)

Linux firewalls

Privacy on Linux

Best practices in running commands safely

Hardening Linux: OS Hardening Principles

Security issues can send personal information, like logins and passwords, to malicious third parties. These issues can also give these same bad people access to all of your personal files.
Think of security bugs as holes in your home: with a hole there, things like burglars can get in. Security updates are the patches for those holes; with the holes covered, it’s much tougher for someone to get in. Now let’s talk about other ways to keep your system secure. Let’s start with the Linux user and superuser concepts. This idea is the key to keeping Linux systems safe.

Firewalls

If your computer is connected to the internet, it has traffic coming in and going out. Traffic is just another word for network activity.

When you go to a website, traffic is leaving your computer. If you connect to your computer from another computer, then traffic is coming into your computer. The traffic travels through ports, which are basically numbered exits and entrances on your computer. There are thousands of ports used for specific purposes, like sending email, chatting, and even printing.

A firewall is the tool that controls this kind of traffic, and it gives users granular control over what may enter and leave their system. Ports are tied to particular kinds of traffic: browser traffic, for instance, uses port 80 or 443.

If you didn’t want internet traffic on your computer (I’m shivering in terror as I type that sentence), you could block outgoing traffic to ports 80 and 443 so nothing can pass through them. Your web browser could then no longer reach web servers, so you couldn’t access web pages.

More realistically, if you want to deny incoming traffic, so that you can go out and fetch content but no one can connect to your computer from the outside, a firewall is exactly the right tool. Configuring a Linux firewall requires a certain degree of knowledge: you have to know which ports and IP addresses you want to block or allow.

It gets more complicated if you connect to your computer remotely from another machine. If you have a simple setup like mine, where you only use your computer for accessing the internet, you can turn on the firewall and not tweak it. If you have a more complex setup, I’ll show you how to learn more at the end of this section.

Linux comes with its own configurable firewall called iptables. However, because it’s so configurable, it’s also complicated. To help with that, Ubuntu ships with a command-line front end called ufw, which stands for Uncomplicated Firewall. ufw controls iptables but simplifies the process. By default, ufw is not enabled. To turn it on, type sudo ufw enable. Now that it’s on, you might want to see what it’s blocking and allowing. To do that, type sudo ufw status verbose. You should see something like this:

Default: deny (incoming), allow (outgoing)

This means your firewall is denying all incoming traffic and allowing all outgoing traffic. This is secure unless you need to connect to your computer from elsewhere. This next bit might get slightly technical for people who don’t connect to their computer from another computer. If you do need access to your computer, you need to open an incoming port in your firewall. For instance, if you use Secure Shell (SSH) to connect to your computer, you’re going to need port 22 open, since that’s the port used by SSH. SSH is useful if you want to connect to another computer, to exchange files, or if you’re working with a remote web server. To allow SSH, type:
sudo ufw allow ssh/tcp
To see the new firewall configuration, type sudo ufw status verbose again. You’ll see that port 22 now allows incoming traffic, which means you could connect to your computer from another computer. If you change your mind about the rule and want to deny SSH traffic, you can change the command to:
sudo ufw deny ssh/tcp
Entering man ufw will give you a sense of the options and parameters for tweaking your firewall, if that’s something that interests you. For instance, if you don’t want someone on your system to use chat, you could figure out which ports their chat service uses (an internet search will reveal that) and block the outgoing traffic for that particular port.

And if you misconfigure your firewall? The command sudo ufw reset will get rid of all of the rules you created and disable ufw, so you can turn it on again and start over with a clean slate.

There’s a graphical interface to ufw called Gufw that has preconfigured rules. We’re going to explore that in the lab. Let’s move on to encryption, another security measure.
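The sensible follow-up to “type sudo ufw status verbose and look” is to check that output automatically, so a forgotten rule or a disabled firewall gets noticed. The script below is an added example, not part of the original post; it reads the status text on stdin (so it can run offline on the constructed samples included) and, on a real host, would be fed with sudo ufw status verbose | audit_ufw 22/tcp.

```sh
# Added example: audit `ufw status verbose` output against the baseline the
# article describes (ufw active, default deny incoming, only expected inbound
# ports such as SSH allowed). Reads the status text on stdin.

# Print the default incoming policy ("deny"/"allow"); prints nothing if ufw is
# inactive, because an inactive ufw shows no "Default:" line at all.
ufw_default_incoming() {
    sed -n 's/^Default: \([a-z]*\) (incoming).*/\1/p'
}

# Print each port/proto that has an "ALLOW IN" rule, once (IPv4 and IPv6 rows collapse).
ufw_allowed_in_ports() {
    awk '/ALLOW IN/ { print $1 }' | sort -u
}

# audit_ufw <expected-port/proto>... < status-text
# Exit 0 when the baseline holds; otherwise print each violation and exit 1.
audit_ufw() {
    status=$(cat)
    rc=0
    incoming=$(printf '%s\n' "$status" | ufw_default_incoming)
    if [ "$incoming" != "deny" ]; then
        echo "VIOLATION: default incoming is '${incoming:-unset}', expected deny"
        rc=1
    fi
    for port in $(printf '%s\n' "$status" | ufw_allowed_in_ports); do
        case " $* " in
            *" $port "*) ;;   # port is in the expected list passed as arguments
            *) echo "VIOLATION: unexpected inbound rule for $port"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_OK='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'
SAMPLE_BAD='Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
22/tcp                     ALLOW IN    Anywhere
5900/tcp                   ALLOW IN    Anywhere'
printf '%s\n' "$SAMPLE_OK"  | audit_ufw 22/tcp && echo "sample 1: baseline OK"
printf '%s\n' "$SAMPLE_BAD" | audit_ufw 22/tcp || echo "sample 2: baseline violated"
```

Running it as a cron job or at login turns the article’s manual check into a standing one: any exit status other than 0 means the firewall has drifted from the deny-incoming, SSH-only baseline.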


1 Comment

motoapk Nice · May 1, 2017 at 6:48 PM

I’m thankful for the blog post. Really Cool.
