Types of computer security tools

In previous articles we talked about the importance of having adequate protection for our data and programs. Now we will talk about the types of computer security tools.

In the past, it was believed that installing Linux protected against any type of attack. However, its growing popularity in the government and corporate sectors made it a target for cybercriminals.

Types of computer security tools

We already explained in previous articles that there are two types of attacks: those that target software vulnerabilities and those that seek to exploit people's psychological characteristics. These tools are in charge of protecting both the hardware (computer systems and the networks that connect them) and sensitive information such as access data from both types of attacks.

Firewall

A firewall is the computerized version of customs: it monitors the network traffic going in and out between a local computer or network and an external network. It does so by applying a set of policies (predefined rules) to prevent unauthorized access and the execution of malicious software.

The aforementioned policies determine what traffic can pass through it based on criteria such as protocols, IP addresses or applications.

The traffic analysis methods applied by firewalls are:

  • Packet filtering: This is the method we described above. Each data packet is analyzed against the established criteria, and those criteria decide whether it passes or not.
  • State inspection: The decision to allow a packet to pass through or not is based on monitoring the connection to the source of the packet.
  • Application layer firewalls: These are more advanced filters that inspect packets at the application level, focusing on specific applications and devices.

Some firewalls for Linux

IPFire

Built from Linux From Scratch (a framework for building Linux distributions from scratch), this Linux distribution allows a large number of devices, such as the Raspberry Pi, to be used as firewalls.

The installation process is very easy and intuitive since the different configurations are divided into items identified by colors. Green is reserved for computers connected to the local network, while red refers to the Internet. In order for traffic to go from red to green, you have to specifically authorize it.

With this distribution you can also detect intrusions and build local private networks.

Uncomplicated Firewall (UFW)

It is the software that you probably have installed on your Linux distribution or that you will find in the repositories. Its name literally means uncomplicated firewall.

Its operation is based on the Netfilter framework that is built into the Linux kernel. A suite of commands known as iptables is used to configure Netfilter.

UFW is therefore a frontend to iptables that makes it easy to manage Netfilter, using a command line interface to manipulate the firewall. This interface is very easy to use for both novice users and professional administrators.

It is possible to use it in conjunction with a graphical interface.

Shorewall

Shorewall is similar to UFW in that it does not require the use of hardware or virtualization solutions to work. It also works over Netfilter.

The operating requirements are set in configuration files, which the program is in charge of applying using iptables.

It is an ideal tool for computers with little memory, since once the configuration process is finished it does not need to keep running. However, its flexibility and power come at a cost: it is not the easiest to use.

pfSense

Another firewall that comes as a distribution, this time based on FreeBSD. It can be used at the router, DHCP or DNS server level.

Its configuration is done from a web interface and it has excellent documentation as well as commercial support.

In the next article we will continue talking about other security tools for Linux.

