Firewall rules are normally created to allow a computer to send traffic to, or receive traffic from, programs, users and system services. They are also created to allow a connection through the use of Internet Protocol Security (IPsec) or to block the connection (Microsoft TechNet, 2009).
The firewall rules that can be implemented for a public-facing Linux/Unix system are iptables rules. iptables is a firewall/NAT package that runs on the Linux system. It is used for maintaining and inspecting the tables of IP packet filter rules inside a Linux/Unix system. Each table contains a number of built-in chains, and each chain holds a list of rules that relate to the data packets travelling through the internet into the Linux system.
Each firewall rule specifies a packet and a target. The next chain will not be examined if the packet does not match. iptables consists of six tables, which are filter, nat, mangle, forward, raw and output, and they are processed in sequence. The -L command lets the system user list the current iptables rules.
Most of the time, the rules set in iptables open ports 80 and 443, which enable HTTP and HTTPS on a Linux/Unix system. Similarly, the TCP port and other ports connected with TCP can be used for FTP (File Transfer Protocol). This lets the administrator upload files to the designated server through a web file system. In addition, port 22 is used to access the secure shell (SSH) on the Linux/Unix system (Bartosh and Fass, 2005).
The secure shell configuration can be changed later for security purposes, in which case some caution should be applied in line with the iptables rules. If the secure shell is not set up properly, then the designated server will reject the data transferred by clients.
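The port rules described above can be checked mechanically. The following is an added example, not part of the original post: a shell function that reads `iptables -S INPUT` output and reports accepted destination ports outside 22, 80 and 443, a bare accept-everything rule, and an INPUT policy other than DROP. The function names, the `ALLOWED_PORTS` variable, the sample ruleset and the expectation of a default DROP policy are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit `iptables -S INPUT` output against a port allow-list.
# audit_input_rules, sample_rules and ALLOWED_PORTS are names chosen here.
ALLOWED_PORTS="22 80 443"   # SSH, HTTP, HTTPS: the ports the post names

audit_input_rules() {
    # Reads rules in `iptables -S` format on stdin, prints one finding per line.
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "-P" && $2 == "INPUT" {
        seen_policy = 1
        if ($3 != "DROP") print "POLICY INPUT is " $3 ", expected DROP"
        next
    }
    $1 == "-A" && $2 == "INPUT" {
        target = ""; ports = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
        }
        # A rule with no match criteria at all accepts every packet.
        if (target == "ACCEPT" && NF == 4) { print "UNCONDITIONAL ACCEPT on INPUT"; next }
        if (target != "ACCEPT" || ports == "") next
        m = split(ports, p, ",")          # multiport lists are comma separated
        for (k = 1; k <= m; k++)
            if (!(p[k] in ok)) print "UNEXPECTED ACCEPT dport " p[k]
    }
    END { if (!seen_policy) print "POLICY INPUT not found in input" }
    '
}

sample_rules() {
    # Constructed sample, not taken from a real host.
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443,3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
EOF
}

# On a live host (as root): iptables -S INPUT | audit_input_rules
sample_rules | audit_input_rules
```

An empty result means every accepted port is on the allow-list and the default policy is DROP; port ranges such as `8000:8100` are reported as written rather than expanded.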
References:
- Bartosh and Fass, 2005, Essential Mac OS X Panther Server Administration.
- Charlotte Brookes, 2007, IBM System Storage Business Continuity Solutions Overview.
- James Michael Stewart, 2008, Certified Information Systems Security Professional Study Guide.
- Jared Allar, 2011, Oracle Solaris 10 password hashes leaked through back-out patch files, retrieved from https://www.kb.cert.org/vuls/id/648244
- John R. Vacca, 2007, Practical Internet Security, retrieved from https://www.kb.cert.org/vuls/id/362983
- Mariusz Bardach, 2004, Detecting rootkits and kernel-level compromises in Linux, retrieved from http://www.symantec.com/connect/articles/detecting-rootkits-and-kernel-level-compromises-linux
- Microsoft TechNet, 2009, Understanding firewall rules, retrieved from http://technet.microsoft.com/en-us/library/dd421709(WS.10).aspx
- Peter Enseleit, 2007, Hardening your system with Bastille Linux, retrieved from http://www.linux.com/archive/feed/118353
- Syngress, 2007, Hardening the Operating System, retrieved from http://media.techtarget.com/searchEnterpriseLinux/downloads/466_HTC_Linux_02.pdf
- Talking Business Continuity, 2008, retrieved from http://www.talkingbusinesscontinuity.com/starting/what-is-business-continuity-management.aspx
- Timothy Rooney, 2011, IP Address Management Principles and Practice, Wiley-IEEE.
- Vugt S., 2007, Beginning Ubuntu Server Administration.
- Will Dorman, 2011, Oracle Outside In contains exploitable vulnerabilities in Lotus 123 and Microsoft CAB file parsers, retrieved from https://www.kb.cert.org/vuls/id/520721