On Feb 5, 2010, at 6:55 PM, David McGuffey davidmcguffey@verizon.net wrote:
On Thu, 2010-02-04 at 09:19 -0500, Ross Walker wrote:
On Feb 3, 2010, at 9:36 PM, David McGuffey davidmcguffey@verizon.net wrote:
I'm trying to reduce the attack surface to a home machine that is always on and connected to the Internet. It is running CentOS 5.4, with tight iptables rules and sits behind a Verizon FiOS firewall/switch also configured with tight rules.
I was wondering how to best block all network access to it when I log off...then unblock it when I log on. Changing iptables requires root access...as does running ifdown and ifup scripts.
I could change the permissions on ifdown and ifup and run them from the login/logout scripts, but I'd prefer not to do that.
Any tips?
Set iptables to block all inbound traffic unless initiated from your workstation.
It's the most secure, all the time.
-Ross
It is already set up that way...but I was thinking about taking the interface down if no one is logged into the console (this is a workstation used as a home computer and not supporting any network servers).
I was thinking of a cron job that would run 'who' and, if there were no active logins, run 'ifdown eth0'.
Why?
That's overkill. If you really want to go that way, why not shut down the PC when it's not being used, or see if you can make it go into 'sleep' mode, which will turn off the network interfaces?
-Ross
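The two mechanisms discussed in this thread, written out as an added example that is not from either poster: the stateful "drop everything inbound that this host did not initiate" policy Ross recommends, and the cron-driven `who` check David describes, which only brings the interface down when no one is logged in. The interface name `eth0`, the cron path `/usr/local/sbin/idle-netdown.sh`, and the sample `who` output are assumptions; the ruleset is printed rather than applied so the script can be read and tested without root.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes eth0, iptables/ifdown on PATH,
# and that the cron job runs as root. The sample 'who' output is constructed.

# 1) Ross's suggestion: default-deny INPUT, allow only loopback and replies to
#    connections this host opened. Printed, not applied; pipe into sh as root.
print_inbound_policy() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
EOF
}

# 2) David's idea: count login sessions from 'who' output read on stdin.
#    'who' prints one line per session, so an empty output means nobody is on.
#    awk is used instead of 'grep -c' because grep exits 1 on a zero count.
count_logins() {
    awk 'NF > 0 { n++ } END { print n + 0 }'
}

# True (exit 0) only when the login count is zero.
should_take_down() {
    [ "$1" -eq 0 ]
}

# Constructed sample of 'who' output: two sessions for one user.
SAMPLE_WHO='dave     tty1         2010-02-05 18:00
dave     pts/0        2010-02-05 18:05 (:0.0)'

# Count sessions in the constructed sample (returns 2 via stdout).
sample_login_count() {
    printf '%s\n' "$SAMPLE_WHO" | count_logins
}

# Cron entry that would call this every five minutes (assumed path):
#   */5 * * * * root /usr/local/sbin/idle-netdown.sh run eth0
# DRY_RUN=1 prints the action instead of running ifdown.
idle_netdown() {
    iface="${1:-eth0}"
    n=$(who | count_logins)
    if should_take_down "$n"; then
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "would run: ifdown $iface"
        else
            ifdown "$iface"
        fi
    else
        echo "$n login(s) active, leaving $iface up"
    fi
}

# Only act when explicitly invoked with 'run'; sourcing the file does nothing.
if [ "${1:-}" = run ]; then
    idle_netdown "${2:-eth0}"
fi
```

Note that the cron approach leaves a window of up to one cron interval between logout and `ifdown`, and that the stateful ruleset already gives the same exposure reduction continuously, which is the point Ross makes.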