KISS My Firewall 2

Keep It Simple Stupid!

Updated to v2.1 on February 12, 2008

KISS My Firewall is a FREE iptables script designed for a typical web server. It takes advantage of the latest firewall technologies including stateful packet inspection and connection tracking. It also contains some preventative measures for port scanning, DoS attacks, and IP spoofing, among other things.

It was designed from the start for ease-of-use and installation. Unlike some firewall's, KISS My Firewall is contained entirely within one file. Blocking one or more IP addresses is simple and changes take effect by simply restarting the script.

KISS My Firewall 2 is very easy to install and does not require any initial configuration. It will work with any stock installation of Ensim WEBppliance Basic & Pro, Plesk, and Webmin. Cpanel installations require some modifications.

By default, the following ports are open on the INPUT chain: FTP, SSH, SMTP, DNS, HTTP, POP3, IMAP, HTTPS, MySQL, Secure IMAP, Secure POP3, Ensim WEBppliance Basic/Pro, Webmin, and Plesk. Open ports on the OUTPUT chain include: FTP, SSH, SMTP, RDATE, WHOIS, DNS, HTTP, HTTPS, and OPENSRS.

KISS My Firewall can be configured to work with or without any port you choose and has support for trusted IP addresses and subnets. The firewall is also very easy to customize. It only takes a few changes to the variables to protect a dedicated DNS, MAIL, or FTP-only server.

Since KISS My Firewall uses stateful packet inspection as well as connection tracking, it does not need to explicitly open all of the unprivileged ports for passive mode FTP or port 20 for active mode FTP. This makes the host server much more secure. In addition, KISS My Firewall explicitly REJECTS port 113 (inetd) when needed.

HOW TO: Install KISS My Firewall

When logged in as root ( "su -" ), type:

cd /usr/bin
wget http://www.geocities.com/steve93138/kiss-2.1.tar.gz
tar zxvf kiss-2.1.tar.gz

That's it! To get it running anywhere on the command line, you simply type:

kiss start

To stop the firewall, type:

kiss stop

To get status information, type:

kiss status

If you want to block an offenders IP address/subnet, simply edit the BLOCK_LIST variable in the /usr/bin/kiss file. You can separate IP addresses and subnet's with a space. Once you are finished, simply restart KISS by typing:

kiss restart

Last, but not least, it is recommended that you configure the firewall to allow only for needed ports. Using trusted IP addresses/subnets is also recommended. These variables are located near the beginning of the /usr/bin/kiss file and are self-explanatory. Once you make changes, you should always restart KISS for the changes to take effect:

kiss restart

What's New in Version 2?

The biggest change is that it does not require any initial configuration. With version 2, you won't automatically lock yourself out of your server unless you set some of the variables incorrectly. It also does extensive error checking and is distributed as a tar file. This solves a lot of the issues that were present with the older version. In addition, version 2 is highly configurable and was tested to work with the latest version of iptables - version 1.2.8.

Happy Firewalling!

SecureBackup™
Secure, Offsite, Remote, Online Data Backup

SecureBackup.com is promising to open it's doors for Data Backup sometime in August of 2008. Here's some highlight's I pulled from their website:

SecureBackup Features and Benefits

Secure Backups

* Unbreakable 256-Bit AES File Encryption. This is the same level of encryption used by the U.S. Government to protect classified information.
* SHA-256 Password Encryption meets new National Security Agency (NSA) Standards.
* Uses Secure TLS/SSL backup server connections to guard against "Man in the Middle" attacks.
* Stateful Packet Inspection (SPI) Backup Server Firewalls.

Faster Backups

* Smart File Synchronization feature only backs up data that has actually changed.
* Our proprietary compression algorithm improves backup performance.

* Intuitive Interface - Get started in as little as 5 minutes.
* File Exclusions - Backup only the types of files you need to backup.
* Backup on demand, anytime.
* Set up an optional, automatic backup schedule.

* Simple "set it and forget it" interface.
* Fully automatic or backup on demand.
* No clumsy tape drives, optical drives, flash drives, or CD±R / DVD±R media required.
* No trips to a Bank Safe Deposit Box.
* No Fire Safes required.

* Thorough backup file verification is performed prior to uploading to ensure data integrity.
* Unlike some backup solutions, SecureBackup™ does not rely upon faulty archive bits within the Windows operating system.
* Our backup software keeps you informed of your backup space usage.

* Fully Redundant Network with Multiple Gigabit links to the Internet.
* Fireslayer™ Anti Denial of Service (DOS) Protection .
* TippingPoint Intrusion Prevention System (IPS).
* Closed circuit monitoring, card key access, and 24 hour guard manned security.

SecureBackup FAQ

How secure are my backup files?

Your backup files are encrypted using the Advanced Encryption Standard (AES) algorithm. AES is the new encryption standard currently in use by the U.S. government to protect classified information. SecureBackup™ uses this same encryption method for protecting your files.

Unlike Internet security, file encryption is not something that can be "hacked" or compromised. Not even the best cryptographer can decrypt and read your backup files. The only way that your backup files can be read is if they were decrypted and the only way to decrypt your backup files is with your password.

Is my password stored online or anywhere else?

No, we do not store your password online or anywhere else. This means that even if our systems were compromised, nobody would be able to retrieve your password and decrypt your backup files.

Can you view or read my backup files?

No, we do not have your password and therefore can not view or read your backup files.

Do you know what my password is?

No, we do not know what your password is, nor can we retrieve it because we do not have a copy of it.

Will you ever ask me for my password?

No, we will never ask you for your password. The only time you need to provide your password is when the SecureBackup™ software starts up. Please do not give your password to anyone under any circumstances no matter how genuine the request may seem.

What happens if I lose my password?

As outlined in our Terms of Service, you are ultimately responsible for remembering your password.

Our service is so secure that if you lose your password you will not be able to restore your backup files in the event of data loss. Please remember your password!

The only remedy that we can provide for a lost password is to let you change your password to a new one. Note that when your password is changed, all of your current backup files become obsolete and you will need to backup all of your files again because they will not be synchronized.

Why do I have to use an Account Key instead of a password to log in to my account online?

Requiring an Account Key instead of a password protects your password from potential "discovery". Although we secure login connections using Industry Standard 128-bit SSL encryption, the entire login process is only as secure as its weakest link. Hackers often exploit these weakest links. Using an Account Key approach bypasses all of that and removes the threat altogether.

How do I obtain my Account Key?

Simply right-click on the SecureBackup™ icon in your Windows System Tray (usually the bottom right hand side of your Desktop) and select "Account Key". Note that the easiest way to login to your account is through the link provided in the SecureBackup™ software.

Conclusion:

If you are like most small businesses, you just want to backup your critical business data and related files without any hassles. SecureBackup offers a safe, secure, and reliable online data backup solution. Get a FREE 30-Day Trial of SecureBackup today by visiting http://www.securebackup.com.