{"id":880,"date":"2017-01-25T15:00:01","date_gmt":"2017-01-25T13:00:01","guid":{"rendered":"https:\/\/community.virtono.com\/?p=880"},"modified":"2023-06-21T10:00:55","modified_gmt":"2023-06-21T07:00:55","slug":"linux-securityfirewalls","status":"publish","type":"post","link":"https:\/\/www.virtono.com\/community\/knowledgebase\/linux-securityfirewalls\/","title":{"rendered":"Linux Security:Firewalls"},"content":{"rendered":"<p>Security is an important but complex topic.<\/p>\n<p>So I&#8217;ll be doing a series of articles, focusing on the principles and working of security of Linux.<\/p>\n<p>The challenge is that it\u2019s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though whatever safeguards were once coded in.<\/p>\n<p>For users, it means being vigilant\u2014staying on top of your system and considering security a recurring task rather than something you do once and can then be considered finished. In this article, I\u2019m going to run through the best practices for keeping your system secure. I\u2019m not a hacker or a security expert so I\u2019m not going to get very detailed. Instead, I\u2019m going to explain some basic, fundamental, and essential security concepts and give you a few manageable things to do to keep your computer secure. In this series of articles, we\u2019re going to discuss:<\/p>\n<p>\u25a0 <a href=\"https:\/\/virtono.com\/community\/knowledgebase\/linux-security-the-user-and-superuser-concept-and-how-and-why-it-keeps-your-computer-secure\/\" target=\"_blank\" rel=\"noopener\">The user and superuser concept and how and why it keeps your computer secure<\/a><\/p>\n<p>\u25a0 <a href=\"https:\/\/virtono.com\/community\/knowledgebase\/viruses-and-linux-and-linux-antiviruses\/\" target=\"_blank\" rel=\"noopener\">Linux viruses (and anti-viruses)<\/a><\/p>\n<p>\u25a0 <a href=\"https:\/\/wp.me\/p7ISfL-ec\" target=\"_blank\" rel=\"noopener\">Linux firewalls<\/a><\/p>\n<p>\u25a0 <a href=\"https:\/\/wp.me\/p7ISfL-ed\" target=\"_blank\" rel=\"noopener\">Privacy on Linux<\/a><\/p>\n<p>\u25a0 <a href=\"https:\/\/wp.me\/p7ISfL-eg\" target=\"_blank\" rel=\"noopener\">Best practices in running commands safely<\/a><\/p>\n<p>\u25a0 <a href=\"https:\/\/virtono.com\/community\/knowledgebase\/hardening-linux\/\" target=\"_blank\" rel=\"noopener\">Hardening Linux:OS Hardening Principles<\/a><\/p>\n<p>Security issues can send personal information, like logins and passwords, to malicious third parties. These issues can also give these same bad people access to all of your personal files.<br \/>\nThink of security bugs as a hole in your home. With the hole there, things, like burglars, can get into your home. And think of security updates as patches for the holes. With the holes covered, it\u2019s much tougher for someone to get in. Now let\u2019s talk about other ways to keep your system secure. Let\u2019s start with the Linux user and superuser concepts. This idea is the key to keeping Linux systems safe.<\/p>\n<p style=\"text-align: center;\"><strong>Firewalls<\/strong><\/p>\n<p>Unless your computer isn\u2019t connected to the internet, it has traffic coming in and out of it. Traffic is just another word for network activity.<\/p>\n<p>When you go to a website, traffic is leaving your computer. If you connect to your computer from another computer, then traffic is coming into your computer. The traffic travels through ports, which are basically numbered exits and entrances on your computer. There are thousands of ports used for specific purposes, like sending email, chatting, and even printing.<\/p>\n<p>A firewall is what\u2019s used to control this kind of traffic, for users who want granular control over their system. For instance, browser traffic uses port 80 or 443.<\/p>\n<p>If you didn\u2019t want internet traffic on your computer (I\u2019m shivering in terror as I type that sentence), you could block ports 80 and 443 so traffic can\u2019t pass through them. This would mean your web browser couldn\u2019t receive anything from the outside world. You would block the outgoing port, so you can\u2019t access web pages.<\/p>\n<p>However, if you wanted to deny incoming traffic to your computer, meaning you can go out for content but no one can connect to your computer from the outside, a firewall is a useful thing. Configuring a Linux firewall requires a certain degree of knowledge. You have to know which ports and IP addresses you want to block or allow.<\/p>\n<p>It gets more complicated if you remotely connect to your computer from another computer. If you have a simple setup like me, where you only use your computer for accessing the internet, you can turn on the firewall and not tweak it. If you have a more complex setup, I\u2019ll show you how to learn more at the end of this section.<\/p>\n<p>Linux comes with its own configurable firewall called iptables. However, because it\u2019s so configurable, it\u2019s also complicated. To help with that, Ubuntu ships with a command-line program called ufw, which stands for uncomplicated firewall. The ufw program controls iptables, but simplifies the process. By default, ufw is not enabled. To turn it on, type sudo ufw enable. Now that it\u2019s on, you might want to see what it\u2019s blocking and allowing. To do that, type sudo ufw status verbose. You should see something like this:<\/p>\n<p><em>Default: deny (incoming), allow (outgoing)<\/em><\/p>\n<p>This means your firewall is denying all incoming traffic and allowing all outgoing traffic. This is secure, unless you want to connect to your computer. This next bit might get slightly technical for people who don\u2019t connect to their computer from another computer. If you do need access to your computer, you need to open an incoming port in your firewall. For instance, if you use Secure Shell (SSH) to connect to your computer, you\u2019re going to need port 22 open since that\u2019s the port used by SSH. SSH is useful if you want to connect to another computer, to exchange files, or if you\u2019re working with a remote web server. To allow SSH, type:<br \/>\n<em>sudo ufw allow ssh\/tcp<\/em><br \/>\nTo see the new firewall configuration, type sudo ufw status verbose again. You\u2019ll see port 22 is now allowing in traffic. This means you could connect to your computer from another computer. \u00a0If you change your mind about the rule, and want to deny SSH traffic, you can change the command to:<br \/>\n<em>sudo ufw deny ssh\/tcp<\/em><br \/>\nEntering man ufw will give you a sense of the options and parameters to tweak your firewall, if that\u2019s something that interests you. For instance, if you don\u2019t want someone on your system to use chat, you could figure out which ports their chat service uses (an internet search will reveal that) and block the outgoing traffic for that particular port. And if you misconfigure your firewall? The command sudo ufw reset will get rid of all of the rules you created and disable ufw, so you can turn it on and start over with a clean slate. There\u2019s a graphical interface to ufw called Gufw that has preconfigured rules. We\u2019re going to explore that in the lab. Let\u2019s move on to encryption, another security measure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security is an important but complex topic. So I&#8217;ll be doing a series of articles, focusing on the principles and working of security of Linux. The challenge is that it\u2019s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though<\/p>\n","protected":false},"author":3,"featured_media":889,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[5,1],"tags":[],"class_list":["post-880","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase","category-news-announcements"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/firewall-hacker-720x380.jpg?fit=720%2C380&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7ISfL-ec","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":876,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/linux-security-the-user-and-superuser-concept-and-how-and-why-it-keeps-your-computer-secure\/","url_meta":{"origin":880,"position":0},"title":"Linux security : The user and superuser concept and how and why it keeps your computer secure","author":"Daniel Draga","date":"January 24, 2017","format":false,"excerpt":"Security is an important but complex topic. So I'll be doing a series of articles, focusing on the principles and working of security of Linux. The challenge is that it\u2019s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though\u2026","rel":"","context":"In &quot;Knowledgebase&quot;","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/unnamed-file.jpg?fit=500%2C590&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":884,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/linux-security-running-commands-safely\/","url_meta":{"origin":880,"position":1},"title":"Linux Security: Running commands safely","author":"Daniel Draga","date":"January 27, 2017","format":false,"excerpt":"Security is an important but complex topic. So I'll be doing a series of articles, focusing on the principles and working of security of Linux. The challenge is that it\u2019s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though\u2026","rel":"","context":"In &quot;Knowledgebase&quot;","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/9.png?fit=1200%2C750&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/9.png?fit=1200%2C750&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/9.png?fit=1200%2C750&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/9.png?fit=1200%2C750&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/9.png?fit=1200%2C750&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":881,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/linux-security-privacy-on-linuxencryption\/","url_meta":{"origin":880,"position":2},"title":"Linux Security: Privacy on Linux(Encryption)","author":"Daniel Draga","date":"January 26, 2017","format":false,"excerpt":"Security is an important but complex topic. So I'll be doing a series of articles, focusing on the principles and working of security of Linux. The challenge is that it\u2019s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though\u2026","rel":"","context":"In &quot;Knowledgebase&quot;","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/linux-ransomware-wide.jpeg?fit=600%2C315&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/linux-ransomware-wide.jpeg?fit=600%2C315&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/linux-ransomware-wide.jpeg?fit=600%2C315&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":844,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/securing-the-clouds\/","url_meta":{"origin":880,"position":3},"title":"Securing The Clouds","author":"Daniel Draga","date":"January 9, 2017","format":false,"excerpt":"Technology is massively integrated with modern business, but many of those businesses still lack a modern security solution which helps protect against vulnerabilities in each layer of organisation. With the Protection Service for Business (PSB), this changes everything. It is a unique breakthrough on technology which provides total protection yet\u2026","rel":"","context":"In &quot;Knowledgebase&quot;","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/cloud-security.jpg?fit=767%2C538&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/cloud-security.jpg?fit=767%2C538&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/cloud-security.jpg?fit=767%2C538&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/cloud-security.jpg?fit=767%2C538&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":873,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/hardening-linux\/","url_meta":{"origin":880,"position":4},"title":"Hardening Linux:OS Hardening Principles","author":"Daniel Draga","date":"January 20, 2017","format":false,"excerpt":"Hardening Linux and Using iptables There's tremendous value in isolating your bastion (Internet-accessible) hosts in a DMZ network, protected by a well-designed firewall and other external controls. And just as a good DMZ is designed assuming that sooner or later, even firewall-protected hosts may be compromised, good bastion server design\u2026","rel":"","context":"In &quot;Knowledgebase&quot;","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/02\/Linux_Server_Hardening.jpeg?fit=1170%2C822&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/02\/Linux_Server_Hardening.jpeg?fit=1170%2C822&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/02\/Linux_Server_Hardening.jpeg?fit=1170%2C822&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/02\/Linux_Server_Hardening.jpeg?fit=1170%2C822&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/02\/Linux_Server_Hardening.jpeg?fit=1170%2C822&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":696,"url":"https:\/\/www.virtono.com\/community\/tutorial-how-to\/securing-linux-web-server\/","url_meta":{"origin":880,"position":5},"title":"Securing Ubuntu or Debian Linux Web Server","author":"Daniel Draga","date":"October 11, 2016","format":false,"excerpt":"Securing your server is important, we'll discuss it in this article why?, but lets begin securing your server right now, with these, quick and small steps towards a secured server. Before we begin, make sure: 1.You have root access to the Linux server 2.You are running either Ubuntu 10.04 LTS\u2026","rel":"","context":"In &quot;Knowledgebase&quot;","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/10\/tux_virus.png?fit=298%2C320&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/880","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/comments?post=880"}],"version-history":[{"count":3,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/880\/revisions"}],"predecessor-version":[{"id":3560,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/880\/revisions\/3560"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/media\/889"}],"wp:attachment":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/media?parent=880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/categories?post=880"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/tags?post=880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}