Network security

Work in progress

Content

Introduction
How to install a simple firewall
How to install a simple anti-virus application (clam)
A simple guide how to make your computer “child friendly”

Introduction

This article is about making your elementary OS installation safe and secure as it provides instructions on how to install a simple firewall, an anti-virus application and shares some options for parental controls.
How to install a simple firewall

The ufw & gufw (uncomplicated firewall) firewall is designed to be easy to use. It uses a command line interface consisting of a small number of simple commands. Despite being simple to implement it utilizes powerful tools to protect your computer. For most users this will be a one-time set up that will place an Application launcher in slingshot for reference and future maintenance if needed.

open your terminal (command line) [CTRL]-[ALT]-[T] then copy and paste the following line

sudo apt-get install gufw

Now lets add some rules for incoming and outgoing web traffic. Paste the following lines one and a time and hit enter each time
rules for incoming web traffic

sudo ufw deny 5353/udp
sudo ufw deny 5900/tcp
sudo ufw deny 22
sudo ufw deny 25/tcp
sudo ufw deny 135,139,445/tcp
sudo ufw deny 137,138/udp
sudo ufw deny 110
sudo ufw deny 2049
sudo ufw deny 143
sudo ufw deny 21/tcp
sudo ufw deny ssh

rules for outgoing web traffic (not recommended)

Note: Outgoing rules can get complicated and most people don’t bother implementing them. I do and use the list below believing it gives me a significantly smaller attack profile. Applying outgoing rules is totally optional and subjective to your circumstances. If you do not know of any additional circumstances then you probably do not need to apply any outgoing rules. If you do, apply these….

.

sudo ufw deny out 1:19/tcp
sudo ufw deny out 1:19/udp
sudo ufw deny out 22:52/tcp
sudo ufw deny out 22:52/udp
sudo ufw deny out 54:79/tcp
sudo ufw deny out 54:79/udp
sudo ufw deny out 81:122/tcp
sudo ufw deny out 81:122/udp
sudo ufw deny out 124:442/tcp
sudo ufw deny out 124:442/udp
sudo ufw deny out 444:65535/tcp
sudo ufw deny out 444:65535/udp

enable/activate the changes (required)

sudo ufw enable

run this command to check your changes

sudo ufw status verbose

how to install a simple anti-virus application (clam)

Clam Anti-virus (ClamAV) is a free anti-virus software tool-kit able to detect many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email virus scanner. It runs on Microsoft Windows. Both ClamAV and its updates are made available free of charge.

open your terminal (command line) [CTRL]-[ALT]-[T] then copy and paste the following line

sudo apt-get install clamav clamtk

set-up options

To received updates automatically (recommended) go to the advanced tab run the wizard and select automatic
If your preference is to manually update your anti-virus inventory select help then check for updates.
In the advanced tab by selecting Schedule you can set up your preferences and times for automatic scanning
For manual scanning select Scan from the menu and select one of the options

A simple guide how to make your computer “child friendly”

If you want to make your computer child friendly there are no “absolute” fail safe measures you can take however OpenDNS is probably one of the best. An added advantage of OpenDNS is it protects every computer, laptop, smartphone or tablet in your household, just by following the instructions below.
What is openDNS, and how to get openDNS?

OpenDNS is a free DNS service that can not only speed up your internet but also provide you options like…

Web content filtering
anti-phishing,
malware protection
smart cache and much more.

The bottom line is OpenDNS servers have a huge collection IP addresses of millions of web pages. When you look for a website, it immediately finds the corresponding IP address and hence gets it to load faster. It’s intuitive and literally takes less than 10 minutes to set up (no software installation required)

To utilize all its features, all you need to do is sign-up with them here. Basic OpenDNS is suitable for all your household devices is free of cost. (For business solutions there is a nominal annual fee)

Once you have signed up, you’ll get a confirmation link in your mailbox. Click on the link and it will redirect you to dashboard settings on the main website.

It will automatically detect your IP address. Click on Add this network button given below your IP address All you need to now is to follow the Instructions provided on the website and add these IP addresses to your router.

Preferred DNS server: 208.67.222.222
Alternate DNS server: 208.67.220.220

what next?

By default, nothing is blocked. You have FULL control to select one of 3 pre-sets

Low
Moderate or
High filtering levels

Example: If you choose “Low” filtering level then all the pornography sites will be blocked . You increase the filter level to apply more restrictions. There is also a custom filtering levels that allows you to be specific or tweak one of the pre-sets.

You can block or allow any domain of your choice by entering the domain name. It also gives you the ability to add an extra layer of security as it provides malware and botnet protection as well as phishing protection. You may also block internal IP addresses.

Add Comment

Click here to post a comment

Calendar

April 2024
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
2930  

Recent Posts

April 2024
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
2930