Now with the Linux operating system you have a lot of choices for protection. But one of the easiest to use is Firestarter. Firestarter is one of the easiest-to-use firewalls I have used. And with this simplicity does not come a sacrifice to security. Just because it’s easy does not mean it lacks protection. Firestarter is powerful and has a ton of features. In this article you will learn how to install Firestarter and set up a basic desktop firewall.

Feature highlights

Firestarter includes such features as:

• Setup wizard.
• Real time event viewer.
• Easy port forwarding.
• ICMP parameter tuning.
• Advanced kernel tuning.
• Suitable for desktops, servers, and gateways.

and much, much more.

Installation

The installation of Firestarter is simple. Because it will most likely be found in your distributions’ repositories you will only need to follow these steps for installation:

1. Open up your Add/Remove Software tool.
2. Search for “firestarter” (no quotes).
3. Select Firestarter for installation.
4. Click Apply.
5. Enter your user password.
6. Wait for the installation to complete.
7. Close your Add/Remove Software utility.

Running Firestarter

Figure 1

You will find the Firestarter executable located in the Administration sub-menu of the System menu (in GNOME). When you first run Firestarter the wizard will open up. The first screen is the usual Welcome screen so you can just click the Forward button. The first screen you will have to do any configuration with is the Network Device Setup (see Figure 1). In this screen you need to set which interface Firestarter is to listen to. I am using a laptop so I will select my wireless device.

Figure 2

The next screen (see Figure 2) asks if you need to use internet connection sharing to set your machine up as a gateway. If you do you will need to first click the check box to enable it and then select an interface for the other machines to connect to. If you need to use your machine as a DHCP server you will have to have that installed outside of Firestarter.

Once you have taken care of connection sharing (if it is needed) click the Forward button and you’re done. The last screen wants to know if you want to start the firewall immediately and has you save your configuration.

Figure 3

While Firestarter is running you will see a small icon in your notification area that looks like a blue circle with a right-pointing triangle. If you click on that it will open up the Firestarter main window (see Figure 3). From this window you can Stop the firewall, lock the firewall, view the events log, edit both your inbound and outbound policies, and monitor active connections.

In order to monitor active connections expand the Active Connections listing which will list every connection made to and from your machine. In both the Active connections section and the Events tab you can right click an entry and take action. For instance, in the Active Connections section you can right click an entry and look up the hostname of that entry. In the Events tab you can do more. If you right click an entry in the Events tab you can do the following:

• Allow connections from source.
• Allow inbound service for everyone.
• Allow inbound service for source.
• Disable events from source.
• Disable events on port.
• Lookup hostnames.

Finally, in the Policy tab, you can right click any blank area and add a rule that will apply to a connection from a host or to a port/service. When you go to add a rule you will only need enter the IP address (or domain) and then add a comment.

Final thoughts

Firestarter makes the often daunting task of creating a firewall for a Linux machine simple. If you have ever dealt with iptables you will understand when I say this is a huge relief for desktop users who do not want to take the time to learn to use the underlying technology.

Related posts

• Build a Quick and Reliable Firewall with fwbuilder (3)
• Use this iptables script for Web/Mail server security (2)
• Configure a Linux Firewall with Webmin (1)
• Build a custom firewall with fwbuilder (0)
• Zonealarm Pro Firewall 2010 Promotion (5)

Wireshark also offers some really great tools that help to make your network analysis much easier. Two of these tools (Filters and Expert Infos) I will highlight in this tutorial.

Getting and installing

Wireshark can be found in your distribution repositories. To install it follow these steps:

1. Open up your Add/Remove Software tool.
2. Search for “wireshark” (no quotes).
3. Mark Wireshark for installation.
4. Click Apply to install.

Once installed you will find Wireshark in your Internet sub menu of your Applications or Start menu. You will notice there are two entries for Wireshark: “Wireshark “and “Wireshark (as root)”. The problem with the non-root version is that the standard user might not have access to the networking interface. Because of this you have two choices: give the standard user access to the interface, or run the root version of Wireshark. I generally just use the root version of Wireshark.

Starting a capture

Figure 1

When you first open up Wireshark you will be greeted by the main window (see Figure 1).

In this main window you will find everything you need to start a capture. Take a look at the row of icons under the menu toolbar. The second icon from the left is the icon you want to click to set up a capture. Clicking this button will

Figure 2

open up the Capture Options window (see Figure 2). In the Capture Options window you must configure, at minimum, an interface which to use for the capture. All available interfaces will be listed in the Interface dropdown.

Once you have selected your interface you can then go through the rest of the options window and set up your capture to fit your needs. After you have taken care of your configuration needs click the Start button and your capture will begin.

Filter your capture

Figure 3

As you can see, in Figure 3, for some people the capture information can be a bit overwhelming. There is a lot of data streaming by.

But say you only want to follow traffic going to and from your internal gateway. To do this click on the Filter button to open up the filter dialog. In this dialog you

Figure 4

are going to set up a filter that will filter out all traffic but that traffic seen by your gateway (see Figure 4). What you need to do is give the filter a name and then set the string. The best way to figure out the expression to use is to look at some of the examples. So for watching only a gateway at IP address 192.168.1.254 the filter string would be:

ip.addr == 192.168.1.254

With the configuration in place click the OK button and the filter will immediately be in place.

Expert Infos

Figure 5

During your capture you might not be able to discern what is going on with your network. That’s okay. There’s a tool available that will help you with that. If, during a capture, you click the Analyze menu and select the Expert Infos entry a new window will open up. This new window (see Figure 5) will give you a clearer picture as to what is going on with your network.

If this window doesn’t help out you can also go to the Expert Infos Composite which organizes Errors, Warnings,  Chats, and Details into separate tabs.

Final thoughts

Wireshark should be a tool you use. And after using this analyzer you most likely will find it becoming your “go-to analyzer” for day-to-day needs. Wireshark is simple, powerful, and free.

Related posts

• Microsoft Network Monitor (4)
• Network Security Software Bothunter (1)
• Network Security Analysis With Network Miner (5)
• Network Monitor Experts Extension For Microsoft Network Monitor (2)
• Home Network Router Security Secrets (0)

That was then, this is now and in the now there are graphical front ends to help you build a firewall without having to issue a single command from the command line. One of those tools is fwbuilder. The fwbuilder tool builds iptables rulesets but does so by treating each element of the individual rule as an object, a service, or a time. Objects are addresses. Services are protocols or (as the name implies) services. Time is just as it says, time (such as day of the week or a specific time.)

To start up fwbuilder you will find the menu entry in Applications | Administration (under KDE) or in System | Administration (under GNOME). When you fire up fwbuilder you might find yourself thinking “Where do I start?” The first thing to do is go to the File menu and select New Object File. You have to give your object file a name and then save it.

fwbuilder new object

Once you have done this you are ready to start building. As you can see, in the image to the left, the drop-down icon to the left of the User drop-down is what you click to insert a new object into your object file. Click that drop-down to reveal the list of all object to insert.

The first object you must insert into your object file is the Firewall. When you select that a wizard will open up asking for a name for your firewall, what software will run the firewall, and what OS the firewall will run on. I will name my firewall “Example_Firewall”, I will choose iptables from the software list, and Linux 2.4/2.6 for the OS.

Template Chooser

Now, if you want to go the really easy route you can select to insert preconfigured template for your firewall. If you select this you will have to choose your template. Once you have taken care of this information click Next.

Once you click next you will see a list of different templates available. Each template serves a different purpose. As you click on each template a full description will reveal itself in the bottom pane.

After you select the proper template click the Finish button. Now fwbuilder will be open so you can view your template.

Ready To Insert Objects

The first thing you can do is expand the name of the firewall (in my example I would Example_Firewall) and select the object you want to view. Say you want to view the Policy of this firewall (remember this was created from a template so there are already rules applied). To do this click the “Policy” listed (once you expand the firewall) which will reveal the policy in all its glory.

fwbuilder policy editor

Because this is a template you can not edit the objects. This is one of those that you chose based on a specific, yet simple, need.

In the image to the right you can see the details of the policy included with the single interface firewall template.

If you want to create a custom firewall you would go through the same process but, at the point where you are defining your firewall you wouldn’t choose the Preconfigured Template. Instead you would leave that option unchecked and then, in the next window, choose to “Configure Interfaces Manually”. At this point you would add objects as needed and configure those objects to suit your needs.

Once your firewall is built you must then save the firewall, compile the firewall, and install the rules. Here’s the kicker with configuring your firewalls manually. You will need to know the MAC addresses of your interfaces. Fwbuilder has built in SNMP discovery which will help to map out the various interfaces on your network. To use that tool go to the Tool menu and select Discovery Druid. This tool should keep you from having to manually find and associate MAC addresses.

Final Thoughts

The fwbuilder tool is an outstanding means of creating firewalls for any situation. This article gave you a cursory glance at this powerful tool. Give it a try and build a firewall. Try the templates and, once you are familiar with the tool, build your very own customized firewall.

Related posts

• Firestarter: Simple to use, powerful desktop firewall (6)
• Configure a Linux Firewall with Webmin (1)
• Use this iptables script for Web/Mail server security (2)
• Build a custom firewall with fwbuilder (0)
• Zonealarm Pro Firewall 2010 Promotion (5)

The main purpose of Network Miner is data collection for future analysis (such as forensic evidence analysis) rather than collecting data regarding the traffic on the network. Information are grouped by host rather than by packets or frames although it is possible to switch the view modes easily in the software interface.

Network Miner can – among other things – extract files and certificates transferred over the network. This can be used to save media files that are streamed across the network.

Another interesting ability is the extraction of user credentials – that is usernames and passwords for supported protocols which are then displayed in the credentials tab in Network Miner.

Related posts

• Network Monitoring Software Open Monitor (27)
• Internet Maniac Networking Software (2)
• Xkcd Comic Wallpaper Changer (2)
• Windows Tabbed Browsing (4)
• Windows Run Aliases (8)

The software has been designed to discover communication patterns that are typical for malware infected computers. While Bothunter has been designed as a network security software that can analyze the traffic of the network it can also be used to analyze a single computer or basic home network.

Bothunter is supplied as a Linux or Windows version. The Linux version comes as a installation but also in form of a live CD that can be used from any computer that is capable of booting from CD and compatible with Ubuntu Linux.

Bothunter needs some configuration in the beginning. Most home users will only need to enter the local network IP which they can discover this way:

Click the Windows desktop Start Menu, Control Panel, Network Connections. Find the local area connection that is “Connected”. Double click the connected network icon. Click the Support Tab. Your IP address will be listed.

Optional data like the IP address of SMTP servers or DNS servers can be entered if they are used in the computer network. Home users usually leave these information blank. The only other information needed is the network adapter that should be used to scan and analyse the computer network.

Once that is done the network security software will scan the computer network in two minute intervals and display any potential bot infection in the interface.

Related posts

• Computer Security Software ESET SysInspector (3)
• Windows Vulnerability Scanner (4)
• Windows Process Blocker SPKiller (1)
• Windows Process Blocker (9)
• Use Wireshark to track your network behavior (3)

Those people normally get the wireless router up and running and forget / don´t know about the security risks involved. If the router is not thoroughly secured others might use it to surf the web itself and do things far worse than that. It´s basically a free connection to the internet (and probably your pc as well).

The informit.com article Home Network Router Security Secrets gives advice how to reduce the security risk. Its 11 chapters address each a certain security risk and give tips on how to avoid or reduce the risk. For example chapter one “Turn off UPnP” advises you to turn of the universal plug and play service.

A Trojan horse or virus on a computer inside your network could use UPnP to open a hole in your router’s firewall to let outsiders in.

If you are using a wireless router make sure you read the article, it´s worth the time.

Related posts

• Open Ports 1.0 (2)
• Yahoo marks dangerous search results (4)
• Wordpress Remote Admin Password Reset Vulnerability (13)
• Wireless Hotspot Hacks (1)
• Windows Worms Door Cleaner (2)