[Novalug] Basic security questions, NAT routers, LAMP

Jon Taimanglo jontaimanglo at gmail.com
Wed Jul 2 06:38:23 EDT 2008


secure PHP should be hardened PHP (http://www.hardened-php.net/).
Jon

On Wed, Jul 2, 2008 at 6:28 AM, Jon Taimanglo <jontaimanglo at gmail.com>
wrote:

> NAT router = Network Address Translation.  In a nutshell, the router is
> keeping a table of IPs on the backside (private, usually RFC 1918 addresses
> - i.e. 192.168.x.x/16, 172.16.x.x/12 and 10.x.x.x/8) and mapping them to a
> single or group of IPs on the frontside (routable IP address(es)).  You can
> tell NAT is being run if you have any subnets in these IP ranges on your
> home computers.  RFC 1918 addresses are blocked (or they are supposed to
> be) by routers on the internet (you can imagine the problems if someone
> started accepting routes to these IPs and they are being used all over the
> world).  That being said, NAT is not a firewall.  If you want a true
> firewall, look for something like a SPI (stateful packet inspection)
> firewall (more than adequate for a home user - deep packet inspection is hot
> now in security but probably a little much for a home user).
> The modem could also be performing NAT - depends on how your ISP sets up
> these things.  And more than likely you have a DHCP routable IP - some ISPs
> change these around frequently.  If you ever decide to go down the route to
> allow outside people to access your websites, look into dyndns.
>
> As far as your websites being accessible, I imagine the Linksys device has
> a firewall built into it, or maybe it has a port forwarding option.  If you
> have nothing set up in the firewall or port forwarding, you should be good
> to go.  A way to check this is to find out your routable IP (google what is my
> ip).  Then open a browser and attempt to connect to that IP (if you have a
> SSL site, don't forget to use https).  Alternatively, you could attempt telnet
> with the specific port.
>
> You can further restrict your server configuration by installing a host
> firewall (iptables - guarddog has a pretty good front-end) and looking into
> apache configurations for Allow,Deny (these are foolproof, but they can add
> a layer of additional security).
>
> Also, if you ever open up your websites, please take a look at secure PHP
> or at the least securing php.ini.
>
> Lastly, if you have questions about PHP (and usually any part of the LAMP
> stack), look into DC PHP.  They are a good group of people, just like
> novalug.
>
> Jon
>
> On Wed, Jul 2, 2008 at 12:12 AM, Mackenzie Morgan <macoafi at gmail.com>
> wrote:
>
>> On Tue, 2008-07-01 at 21:06 -0700, John Christopher wrote:
>> > Hi -
>> >
>> > I have the following:
>> >
>> > - Laptop with Ubuntu Linux
>> > - Verizon DSL connected with a Westell Wirespeed C90-36R516 ADSL modem
>> > - Linksys WRT54G wifi router
>> >
>> > I use the computer mainly for surfing, email, etc., but I am also
>> > using it to learn web design and programming.
>> >
>> > I don't know much about computer security, and I have several questions.
>> >
>> > I have read that a NAT router is essential equipment to protect your
>> > computer from attackers, etc.
>>
>> It's a minor inconvenience to attackers, yes...
>>
>> You know it does NAT if you've only got one IP address from the outside
>> but lots inside.  And yes, those are NAT.  I'd be quite surprised if
>> your ISP gave you more than one IP at a time.
>>
>> --
>> Mackenzie Morgan
>> http://ubuntulinuxtipstricks.blogspot.com
>> apt-get moo
>
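
An added example, not part of the original thread: the two checks described in the quoted message, written as a Python script. It tests whether an address falls in the RFC 1918 blocks (which shows NAT is in use) and whether your own routable IP accepts TCP connections on the web ports, like `telnet <ip> <port>`. All function names are hypothetical and the addresses are constructed samples.

```python
import ipaddress
import socket
import sys

# The three private blocks reserved by RFC 1918.
RFC1918_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0 through 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),
]

def is_rfc1918(addr):
    """True if addr lies inside one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918_NETWORKS)

def behind_nat(local_addr, public_addr):
    """NAT is in use when the host holds a private address while the
    outside world sees a different, routable one."""
    return is_rfc1918(local_addr) and not is_rfc1918(public_addr)

def port_open(host, port, timeout=3.0):
    """Attempt a full TCP connect, the same test as `telnet host port`."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:          # refused, timed out, or unreachable
        return False

def exposure_report(public_addr, ports=(80, 443), timeout=3.0):
    """Map each port to True (reachable) or False (closed/filtered)."""
    return {port: port_open(public_addr, port, timeout) for port in ports}

if __name__ == "__main__":
    # Constructed sample addresses; 203.0.113.10 is a documentation address.
    local, sample_public = "192.168.1.100", "203.0.113.10"
    print("local address private:", is_rfc1918(local))
    print("behind NAT:", behind_nat(local, sample_public))
    # Probe only when you pass your own routable IP as the first argument.
    if len(sys.argv) > 1:
        for port, reachable in exposure_report(sys.argv[1]).items():
            print(f"{sys.argv[1]}:{port} ->", "OPEN" if reachable else "closed/filtered")
```

Run from inside the LAN, the result depends on whether the router supports NAT loopback, so a run from an outside connection gives the more reliable answer.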