Chapter 7 Miscellaneous Tools
7.3.2 Blocking Access to the Web Server on the Firewall
Another method is to block access to your web server from the firewall so that
nobody from the Internet can access the web server. Again, this scheme is still
vulnerable to internal users.
7.3.3 Using iptables
Another way is to use iptables to allow only your own computer to access port
80 on the web server. This is the most secure method because it protects your web
server and ACID from both internal and external users. You can use a simple command
to block all incoming connections except those from your own workstation, which
has the IP address 192.168.1.100.
iptables -A INPUT ! -s 192.168.1.100 -j DROP
The command is case sensitive. This command blocks all connections except ones
from host 192.168.1.100, which is your own workstation where you use the web
browser. This is not a comprehensive tutorial on how to use the iptables command.
You can either use the man iptables command to get more information about
iptables-based firewalls or read Rusty's guide for iptables at
http://www.netfilter.org/unreliable-guides/packet-filtering-HOWTO/index.html.
Once you use the above command, nobody from any other host will be able to
access ANY service on the machine where you used this command. All existing
connections will be dropped. You are warned!
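Because the rule above drops traffic to every service, the following added example (not from the book) prints rules that restrict only TCP port 80 on the web server, and goes beyond the single-workstation case by accepting a list of allowed addresses. The function names valid_ipv4 and web_acl_rules are this example's own.

```sh
#!/bin/sh
# Added example, not from the book: restrict only the web port, not every service.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: web_acl_rules PORT ADDRESS...
# Prints the iptables commands instead of running them, so they can be reviewed.
# Nothing is printed unless every argument validates.
web_acl_rules() {
    port=$1
    case "$port" in
        ""|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    shift
    [ "$#" -ge 1 ] || { echo "need at least one allowed address" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    # First match wins, so the ACCEPT rules must precede the final DROP.
    # -A appends: an earlier rule in INPUT that already accepts this port
    # would still take precedence over these.
    for ip in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -s $ip -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# The page's workstation address and the web server's port 80.
web_acl_rules 80 192.168.1.100
```

Review the printed rules, then load them as root by piping the output to sh. Other services on the machine, and connections to them, are not touched by these rules.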
7.4 Easy IDS
Easy IDS is an integrated system available from http://www.argusnetsec.com for the
Linux operating system. It has all of the necessary components to build a complete IDS
quickly. These components are precompiled and configured for easy installation. The
package includes:
Snort
Apache Web server
MySQL server
ACID
PHPLOT
ADODB