Originally posted by: Adn4n
So I decided to finally dedicate some time to Unix. I chose Kubuntu due to its KDE interface which I am more familiar with. There are a few basic questions I have.
cool
Should a firewall be used when using Kubuntu? If yes, what is a good choice (Freeware or $$$ware)? Also I read about a GNOME based firewall called Firestarter, will this work with the KDE interface?
The Linux kernel comes with an effective firewall and routing mechanisms built-in. What firestarter and similar things do is simply provide a front end to configure iptables/netfilter effectively.
You can use firestarter if you want. It will work. I've used it in the past and it seemed fine.
Generally a firewall is not actually needed though. What is much more effective is to eliminate, or especially limit, any services that listen to the external network. You'll want to use firewalls sometimes for servers to try to counteract things like DOS attacks or do advanced configurations with VPNs and such.
With Windows it's actually pretty difficult to do that so that is why with Windows it's best to use a firewall.
Also if you want to be lazy and play around with stuff without having to properly configure it (like you want to play around with mysql or whatnot) then a firewall is handy.
To find out what your machine is running, in an effective way, there are a couple different methods.
First off you should use nmap to scan your machine from another machine if that is possible. This shows what is listening where.
To see what service is listening locally you can use the netstat command.
It goes like this:
netstat -ap --inet
That will present several columns of information.
The first column to look at is the 'Local Address' one. This shows what address the processes are listening in on.
The ones that are using 'localhost' are mostly harmless. They are only listening to your loopback interface and are inaccessible from the network.
The ones to watch out for are things like *:ipp or whatnot. This means they are listening in on all interfaces and are accessible from the network. Also any of them that show your computer's IP address (or network DNS name) are listening in on the network. So those things you have to be careful about because they can be an avenue of attack for a cracker.
If you see a service listening to * or to your IP address then you'll want to investigate further.
If you have a 'Foreign Address' that is not *:* and for the TCP protocols they are in the 'state' 'ESTABLISHED' and not 'LISTEN' this means that this is an established connection with another computer. So those are temporary.. like having an ssh process in Established mode means that somebody has used ssh to either connect to your machine or is trying to connect at the login prompt.
The last column has the PID number and Program name. If you don't want that process to be listening then you can use the program name to make it easier to uninstall the service.
For instance nmbd and smbd and those are part of SAMBA. If you don't want to share out files from your computer using smb then this would be a very good idea to uninstall that service...
sudo apt-get remove samba
So you'll have to decide whether or not you'll want to keep them. Some stuff is important, like that *:ipp is for the CUPS daemon and it allows network printing using the IPP protocol. So you may want to keep that if you want to do network printing. Although if you don't want to do network printing then you can disable it from listening to * and just have it run on localhost, of course this requires you to know how to configure CUPS. If you don't know how to do that then a firewall may be handy.
So it goes like this... generally for a desktop the best practice is:
1. Eliminate things from listening to the network. If nothing is listening to the network then your machine will be immune to any network-based attack.
2. If that is not possible or is too much of a PITA then a firewall blocking all access is the next best thing.
3. If you do need or want to have services then you'll want to be very careful about them and keep them up to date with the latest security fixes.
If you have everything disabled or you only have what you want listening to the network then a firewall is mostly redundant unless you're doing something fancy.
Hope that makes sense.
Also, how will the memory usage on the 64-bit version compare to the 32-bit version? Is it double?
No, not double. It'll use more RAM, definitely. If you're dealing with a pure 64bit system and you have over 2-4 gigs of RAM then 64bit would probably be very cool. The amount of extra RAM you'll use is going to be relatively small.
But lots of stuff like proprietary games and flash require 32bit support, unfortunately. This means to run 32bit support + 64bit support then you're using up RAM to hold both versions 32bit and 64bit of various libraries and such.. so that uses even more RAM.
So unless you're running over 4 gigs of RAM then 32bit is probably just going to be easier unless you have special requirements.
I currently don't have a partition on my hard drive. And am I assuming correctly that Kubuntu will automatically create one from the free space I have on it?
That should be taken care of during the install.
Make sure you have everything important backed up on your Windows install. There is always an element of danger when resizing partitions and such, so backups are a must if you want to be safe and care-free.
Can I access my files on the Windows partition when using Kubuntu?
Ya. The best way is to use the FUSE-based ntfs-3g driver. I am sure that there are nice Ubuntu howtos on that and I wouldn't be surprised if it's used by default.
Very basic questions. I found some answers but I wanted to be certain before I proceed. Thank you guys in advance for your help.
Hope you find it helpful.
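
The netstat reading described in the reply above, as an added example that is not part of the original post: a small shell filter that labels each socket as loopback-only, network-exposed, or an existing connection, and lists the programs behind the exposed listeners. The function names and the sample output (addresses, PIDs, services) are constructed for illustration; on a real machine, pipe `sudo netstat -ap --inet` into `classify_listeners` instead.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `netstat -ap --inet`
# (addresses, PIDs and the service mix are made up for illustration).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:mysql         *:*                     LISTEN      1234/mysqld
tcp        0      0 *:ipp                   *:*                     LISTEN      987/cupsd
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      1100/smbd
tcp        0      0 192.168.1.10:ssh        *:*                     LISTEN      2001/sshd
tcp        0      0 192.168.1.10:ssh        192.168.1.20:51514      ESTABLISHED 2050/sshd
udp        0      0 *:netbios-ns            *:*                                 1098/nmbd
udp        0      0 localhost:domain        *:*                                 800/dnsmasq
EOF
}

# classify_listeners: read netstat output on stdin and print, per socket,
#   EXPOSED      listening on * or on a real interface address
#   LOCAL        listening on the loopback interface only
#   <STATE>      a TCP connection that is not a listener (e.g. ESTABLISHED)
# followed by protocol, local address and PID/Program name.
classify_listeners() {
    awk '
    $1 != "tcp" && $1 != "udp" { next }            # skip header lines
    {
        # State is absent on unconnected UDP rows, so detect it by shape.
        state = ($6 ~ /^[A-Z_]+[0-9]*$/) ? $6 : "-"
        host = $4; sub(/:[^:]*$/, "", host)        # drop the :port suffix
        if (state == "LISTEN" || ($1 == "udp" && state == "-")) {
            loopback = (host == "localhost" || host ~ /^127\./)
            kind = loopback ? "LOCAL" : "EXPOSED"
        } else {
            kind = state                            # e.g. ESTABLISHED
        }
        print kind, $1, $4, $NF                     # $NF: PID/Program name
    }'
}

# exposed_programs: unique program names behind network-facing listeners.
exposed_programs() {
    classify_listeners |
        awk '$1 == "EXPOSED" { sub(/^[0-9]+\//, "", $4); print $4 }' | sort -u
}

sample_netstat | classify_listeners
```

The program column is taken from the last field, so a process title containing spaces will be shown only in part; the PID before the slash is still the reliable handle for looking the process up.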