Firewall description

Bob Mottram 11 years ago
parent
commit
2777161543
1 changed files with 3 additions and 2 deletions
beaglebone.txt

@@ -1084,12 +1084,12 @@ apt-get install fail2ban
1084 1084
 ** Set up a firewall
1085 1085
 
1086 1086
 #+BEGIN_VERSE
1087
-/The documents, from a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV, show that the unit known as the Joint Threat Research Intelligence Group, or JTRIG, boasted of using the DDOS attack – which it dubbed Rolling Thunder/
1087
+/The NSA also attacks network devices directly: routers, switches, firewalls, etc. Most of these devices have surveillance capabilities already built in; the trick is to surreptitiously turn them on. This is an especially fruitful avenue of attack; routers are updated less frequently, tend not to have security software installed on them, and are generally ignored as a vulnerability./
1088 1088
 
1089
+-- Bruce Schneier
1089 1090
 #+END_VERSE
1090 1091
 
1091
-A basic firewall limits the maximum rate at which connections can be made and closes any unused ports, and this helps to defend against various kinds of DDOS attack.
1092
+A basic firewall limits the maximum rate at which connections can be made and closes any unused ports, and this helps to defend against various kinds of DDOS attack.  Your internet router may contain a firewall, but chances are that it also contains proprietary software which can be remotely changed/updated by the ISP.  Unless you're running free software, such as [[https://en.wikipedia.org/wiki/OpenWrt][OpenWrt]], on your internet router then it's reasonable to assume that the device is hostile and could be conducting surveillance, trying to do [[https://en.wikipedia.org/wiki/Man-in-the-middle_attack]["man in the middle"]] attacks or be pushing "implants" onto the computers and mobile devices on your local network.  That means that your server needs its own firewall.
1092 1093
 
1093 1094
 #+BEGIN_SRC: bash
1094 1095
 apt-get install portsentry
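
Review bot: the paragraph added at line 1092 ends with "That means that your server needs its own firewall", but that conclusion covers only part of the threat the same sentence raises. A host firewall filters connections arriving at the server, so it limits what a hostile router or another LAN host can reach on unused ports; it does nothing about man-in-the-middle interception or surveillance of traffic that still has to pass through that router. Suggest stating that scope explicitly and noting that interception is addressed by encrypting the traffic, not by the firewall. The "-- Bruce Schneier" attribution added at line 1089 has no source link or date, while the rest of the paragraph uses org links, so a link to the original article would be consistent. The unchanged context line "#+BEGIN_SRC: bash" has a stray colon after BEGIN_SRC that could be fixed while this section is being edited.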