Tuesday January 04, 2005 (08:00 AM GMT)
By: Paul Virijevich
Firestarter is a GPL-licensed graphical firewall configuration program for iptables, the powerful firewall
included in Linux kernels 2.4 and 2.6. Firestarter supports network address
translation for sharing an Internet connection among multiple computers, and
port forwarding for redirecting traffic to an internal workstation.
Firestarter's clean and easy to use graphical user interface takes the time out
of setting up a custom firewall. The Firestarter project provides binary
packages for Fedora Core 2 and 3, SUSE 9.2, and Debian, installable with RPM or
apt. A source tarball is available for other distributions. GNOME 2.6 is
required. If you are running KDE, your distribution's package manager will
resolve any dependencies and install any required GNOME libraries.
Let the wizard be your guide
Firestarter automatically saves your settings and restarts itself upon
reboot when installed from a binary package (RPM or .deb). The installation
procedure puts a Firestarter icon in the System Tools menu if you are running
GNOME. To launch Firestarter in KDE, open a terminal window and type
firestarter, or create your own menu entry. Launching Firestarter the first time
will bring up the first run configuration wizard. In it, select your network
adapter. If you have a cable modem or a DSL connection that uses a dynamic IP
address, check the box that reads "IP address is assigned via DHCP."
Firestarter is now ready to protect your workstation.
The program's main interface consists of three tabs: status, events, and
policy. The status tab indicates whether the firewall is active, shows your
network devices, the number of events that have occurred, and any active
connections. The events tab shows what traffic the firewall is blocking; an
event is a connection attempt that has been blocked. This tab is where you can
selectively allow services through your firewall. Items in black are normal
connection attempts to random ports. Items in red are possible unauthorized
connection attempts and deserve a closer look. Items in grey are harmless
(usually broadcast traffic). The policy tab lets you define which hosts and
services are allowed to communicate with your workstation. This is also where
you can define rules more broadly.
The two extremes of firewalling are whitelisting and blacklisting. A
whitelist denies everything except the traffic you explicitly allow; a
blacklist allows everything except the traffic you explicitly block. By
default, Firestarter whitelists inbound connections (every unsolicited inbound
connection is dropped unless you allow it) and blacklists outbound traffic
(everything is allowed unless you block it). This is a safe starting point,
but it may block legitimate inbound connections. This is where the events tab
comes in handy. Both inbound and outbound events are registered. By
right-clicking on an inbound event you can choose to:

- Allow Connections from Source, which gives the source of the connection a free pass through all ports on the firewall;
- Allow Inbound Service for Everyone, which opens that service to any source; or
- Allow Inbound Service for Source, which lets only that specific source connect to the service.

By right-clicking on an outbound event you can choose to:

- Allow Connections to Destination, which lets every internal host reach the specified destination;
- Allow Outbound Service for Everyone; or
- Allow Outbound Service for Source, which lets only a specific computer use the service.
By starting off with a deny-by-default policy (for outbound traffic, switch
the default to restrictive in the policy tab) and then selectively allowing
inbound and outbound connections, you can quickly create a very secure
firewall. All you need to do is keep an eye on the blocked connections in the
events tab and then decide which services to allow. This setup is useful for
preventing a malicious program from contacting a remote server, but it takes
time to tune properly, and it cannot catch a program that talks over a port
you have already allowed, such as HTTP. If you already know the names or port
numbers of the services you want to pass through the firewall, you can more
quickly set rules using the policy tab.
The policy tab's inbound interface allows you to specify which hosts and
services to allow, and lets you set up port forwarding. For example, if an
internal workstation was running a service that needed to be accessed from the
Internet, you would tell Firestarter that any connections to the firewall on
that port should be redirected to the internal machine. The outbound interface
allows you to set up blanket whitelisting or blacklisting. You can also block
individual hosts or services from this interface. Clicking on the check box
above the Policy tab activates any changes (automatic updating of Policy
changes can be set in the Preferences menu).
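Everything Firestarter does here ends up as iptables rules: the default policy, the events-tab action "Allow Inbound Service for Source", and the policy tab's connection sharing and port forwarding. The script below is an added example written for this article, not rules generated by Firestarter, and its function names are mine. It assumes, purely for illustration, that eth0 faces the Internet, eth1 faces a LAN on 192.168.0.0/24, 192.168.0.10 is an internal web server, and 203.0.113.5 is the administrator's host.

```shell
#!/bin/sh
# Added example, not rules generated by Firestarter: the iptables equivalent of
# Firestarter's default policy (drop unsolicited inbound, allow outbound), the
# events-tab action "Allow Inbound Service for Source", connection sharing (NAT)
# and port forwarding from the policy tab.
# Assumed for illustration: eth0 faces the Internet, eth1 faces a LAN on
# 192.168.0.0/24, 192.168.0.10 is an internal web server and 203.0.113.5 is the
# administrator's host.

IPTABLES="${IPTABLES:-iptables}"   # IPTABLES="echo iptables" prints rules instead of applying them
SYSCTL="${SYSCTL:-sysctl}"
EXT_IF="${EXT_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"

# Firestarter's starting point: default-deny for inbound and forwarded traffic,
# default-allow for outbound, with replies to our own connections let back in.
fw_base_policy() {
    $IPTABLES -F
    $IPTABLES -t nat -F
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Events tab, "Allow Inbound Service for Source": one service, one source only.
fw_allow_inbound_from() {    # proto port source
    $IPTABLES -A INPUT -i "$EXT_IF" -p "$1" --dport "$2" -s "$3" -m state --state NEW -j ACCEPT
}

# Events tab, "Allow Inbound Service for Everyone".
fw_allow_inbound() {         # proto port
    $IPTABLES -A INPUT -i "$EXT_IF" -p "$1" --dport "$2" -m state --state NEW -j ACCEPT
}

# Policy tab, connection sharing: masquerade the LAN behind the external address.
fw_share_connection() {
    $SYSCTL -w net.ipv4.ip_forward=1
    $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j MASQUERADE
    $IPTABLES -A FORWARD -i "$LAN_IF" -o "$EXT_IF" -s "$LAN_NET" -j ACCEPT
}

# Policy tab, port forwarding: redirect an external port to an internal host.
# Two rules are needed: DNAT rewrites the destination, and a FORWARD rule lets
# the rewritten packet through, because FORWARD's policy is DROP.
fw_forward_port() {          # proto ext_port internal_ip internal_port
    $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -p "$1" --dport "$2" \
        -j DNAT --to-destination "$3:$4"
    $IPTABLES -A FORWARD -i "$EXT_IF" -o "$LAN_IF" -p "$1" -d "$3" --dport "$4" \
        -m state --state NEW -j ACCEPT
}

# Policy tab, block a single host: drop traffic to and from one address, and
# insert the rules at position 1 so they win over any allow rule.
fw_block_host() {            # address
    $IPTABLES -I INPUT 1 -s "$1" -j DROP
    $IPTABLES -I FORWARD 1 -s "$1" -j DROP
    $IPTABLES -I FORWARD 1 -d "$1" -j DROP
    $IPTABLES -I OUTPUT 1 -d "$1" -j DROP
}

# Log what the DROP policy is about to discard (what the events tab shows),
# rate limited so a port scan cannot flood the log. Must be the last INPUT rule.
fw_log_dropped() {
    $IPTABLES -A INPUT -i "$EXT_IF" -m limit --limit 5/min -j LOG --log-prefix "Inbound blocked: "
}

fw_apply() {
    fw_base_policy
    fw_share_connection
    fw_allow_inbound_from tcp 22 203.0.113.5      # ssh only from the admin host
    fw_forward_port tcp 80 192.168.0.10 80        # public web server on the LAN
    fw_log_dropped
}

case "${1:-}" in
    apply) fw_apply ;;
esac
```

Run it as root with `sh firewall.sh apply` to load the rules, or with `IPTABLES="echo iptables" SYSCTL="echo sysctl"` in the environment to review the exact commands first. Order matters: the allow rules and the DNAT/FORWARD pair must come before the final LOG rule, and a block inserted at position 1 overrides everything after it. Like any hand-written iptables script, these rules vanish at reboot unless something reloads them, which is exactly the part Firestarter's init script takes care of for you.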
Lasting protection
After a few minutes of installation and configuration, Firestarter adds an
extra layer of security to your workstation. Your rules are saved and
reapplied automatically at every reboot, so the protection persists without
further attention.
Firestarter takes the pain out of workstation firewall configuration. Its
excellent online tutorial and manual are well written and provide clear
instructions on how the software is used. The project maintains an active
support mailing list.
The Firestarter team has taken something that is hard to configure,
wrapped it in a clean user interface, and provided great documentation. Isn't
it time to make your workstation a little more secure?
This article is reposted from the ChinaUnix blog; to see the original, visit: http://blog.chinaunix.net/u/2284/showart_9494.html