CHAPTER 9 HOW TO SECURE YOUR COMPUTER
that isn't authorized will be refused; as far as the program sending the data is concerned, it will be as if your computer did not have a network or Internet connection.

Here's how to set outbound connection rules:

1. In the Firestarter main window, click the Policy tab. Select Outbound Traffic Policy in the Editing drop-down list.
2. Click the Restrictive by Default, Whitelist Traffic radio button.
3. In the second empty box at the bottom of the Policy tab, right-click and select Add Rule.
4. The Add New Outbound Rule dialog box appears. Select the type of data connection you wish to allow. At the very least, you should select HTTP. This will allow your web browser to operate correctly (it's also needed to allow the Synaptic Package Manager and Update Manager programs to work). You should also add a rule for POP3 and another for SMTP, without which your e-mail program won't work. Selecting the type of service will fill in the Port box automatically. You shouldn't alter this unless you know what you're doing.
5. Click the Add button to add the rule. Back in the Firestarter main window, click Apply Policy.
6. Test your settings with a program that uses the services you've just authorized.

Caution: If you created an inbound rule, you'll need to create a matching outbound rule. If you created an incoming rule for BitTorrent, for example, you'll need to create an outgoing rule for BitTorrent, too. You can delete both incoming and outgoing rules by right-clicking their entries in the list.

Turning Off Diagnostic Services

Certain network tools can be misused by crackers in order to break into a computer or just cause it problems. In the past, the traceroute and ping tools, among others, have been used to launch denial-of-service (DoS) attacks against computers. Ubuntu is set to allow these tools to operate by default. If you want to adopt a belts-and-braces approach to your computer's security, you can opt to disable them.
If you don't know what ping and traceroute are, you're clearly not going to miss them, so there will be no harm in disallowing them. Here's how:

1. In the Firestarter main window, click Edit > Preferences.
2. On the left side of the Preferences window, click ICMP Filtering. Then click the Enable ICMP Filtering check box, as shown in Figure 9-6. Don't put a check in any of the boxes underneath, unless you specifically want to permit one of the services.
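
Step 6 of the outbound rule procedure asks you to test the settings. The script below is an added example, not part of the original chapter or of Firestarter: it makes outbound TCP connections to the three whitelisted services and to one destination that no rule allows, then reports where the observed behaviour differs from the intended policy. The host names are placeholders and the function names are made up for this example.

```python
import socket

def probe(host, port, timeout=3.0, connect=socket.create_connection):
    """Return True if an outbound TCP connection to host:port succeeds."""
    try:
        conn = connect((host, port), timeout)
    except OSError:
        # Refused, unreachable, timed out, or name lookup failed:
        # all of these are subclasses of OSError.
        return False
    conn.close()
    return True

def audit_egress(allowed, blocked, connect=socket.create_connection):
    """Compare observed outbound reachability with the intended whitelist.

    allowed: {service name: (host, port)} that a whitelist rule should permit.
    blocked: [(host, port)] that no rule permits. Each must be a server you
             know is listening, otherwise a failed probe proves nothing.
    Returns a list of findings; an empty list means the policy behaves as set.
    """
    findings = []
    for service, (host, port) in sorted(allowed.items()):
        if not probe(host, port, connect=connect):
            findings.append(f"{service}: {host}:{port} is blocked; "
                            "rule missing or policy not applied")
    for host, port in blocked:
        if probe(host, port, connect=connect):
            findings.append(f"{host}:{port} is reachable; "
                            "outbound policy is not restrictive by default")
    return findings

if __name__ == "__main__":
    # Placeholder hosts (assumptions): substitute the web and mail servers
    # you actually use. Ports are the standard ones for the three services
    # the chapter tells you to whitelist.
    allowed = {
        "HTTP": ("www.example.com", 80),
        "POP3": ("pop.example.com", 110),
        "SMTP": ("smtp.example.com", 25),
    }
    blocked = [("www.example.com", 8080)]
    for line in audit_egress(allowed, blocked) or ["policy behaves as configured"]:
        print(line)
```

A blocked finding for a whitelisted service can also mean the remote server is down, so confirm against a server you know is up before changing the rule.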