Linux Security

by

Mark Diers


Taken from The Complete Redhat LINUX Installation Guide 5.2:

... Back in August of 1991, a student from Finland began a post to the comp.os.minix newsgroup with the words:

Hello everybody out there using minix - I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones.

The student was Linus Torvalds, and the "hobby" he spoke of eventually became what we know today as Linux. ...

Linux has become a popular operating system on the UND campus. It has also become a popular operating system to hack. We have had multiple attacks on a few of our systems. Here are a few things that I'd like to pass along.

We have installed Red Hat v5.1 on a few machines and although it is easy to install, the installation leaves the machine 'wide open' to the internet. As a security measure, most network services under Red Hat are managed by a protective program called a TCP wrapper. The protected services are those listed in /etc/inetd.conf that specify /usr/sbin/tcpd as the server program; a service started any other way is not covered. tcpd can allow or deny access to a service based on the origin of the request and the rules in /etc/hosts.allow and /etc/hosts.deny. By default Red Hat allows all service requests from any host.
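Since only the services that go through /usr/sbin/tcpd are subject to the hosts.allow and hosts.deny rules, the first check on a fresh install is to see which inetd services are wrapped and which are not. The following is an added example, not code from the article or from Red Hat; the inetd.conf contents are constructed for the illustration (on a real machine, read the actual /etc/inetd.conf), and the parser assumes the standard seven-field inetd.conf layout.

```python
# Added example: classify /etc/inetd.conf services as tcpd-wrapped or not.
# Only wrapped services are governed by hosts.allow / hosts.deny; a service
# started directly (or handled 'internal' to inetd) bypasses that policy.
# The file contents below are constructed for the illustration.
INETD_CONF = """\
# <service> <socket_type> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd    in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd    in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd    in.rshd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd    in.fingerd
pop-3   stream  tcp  nowait  root    /usr/sbin/ipop3d  ipop3d
echo    stream  tcp  nowait  root    internal
"""


def classify_services(text):
    """Return (wrapped, unwrapped): lists of active service names whose
    server program is tcpd, and those whose server program is anything
    else (including inetd's built-in 'internal' services)."""
    wrapped, unwrapped = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # comment or disabled service
        fields = line.split()
        if len(fields) < 6:
            continue                      # malformed line; ignore
        service, server_path = fields[0], fields[5]
        if server_path.split("/")[-1] == "tcpd":
            wrapped.append(service)
        else:
            unwrapped.append(service)
    return wrapped, unwrapped


if __name__ == "__main__":
    wrapped, unwrapped = classify_services(INETD_CONF)
    print("wrapped by tcpd:  ", ", ".join(wrapped))
    print("NOT wrapped:      ", ", ".join(unwrapped))
```

Anything in the second list needs its own access control (or should be commented out of inetd.conf) because the deny file discussed below will never see those connections.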

If you are going to use your linux box as a server or plan on leaving your machine up for long periods of time, I would suggest adopting a "mostly closed" policy when configuring the TCP wrapper.

The "mostly closed" policy is implemented with a trivial deny file:

/etc/hosts.deny:
ALL: ALL

This denies all service to all hosts unless they are permitted access by entries in the allow file.

The explicitly authorized hosts are then listed in the allow file. For example:

/etc/hosts.allow:
ALL: LOCAL @some_netgroup
ALL: .foobar.edu EXCEPT terminalserver.foobar.edu

The first rule permits access from hosts in the local domain (no '.' in the hostname) and members of the some_netgroup netgroup. The second rule permits access from all hosts in the foobar.edu domain (notice the leading dot), with the exception of terminalserver.foobar.edu.

tcpd supports much more sophisticated access control using a combination of hosts.allow and hosts.deny rules. Read the tcpd(8) and hosts_access(5) man pages for complete details.
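To see how the two files above combine, here is an added example that simulates tcpd's decision for the "mostly closed" policy. It is not code from the article or from the tcp_wrappers package; it follows the order documented in hosts_access(5) (a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, otherwise access is granted) for the subset of the syntax the article uses: ALL, LOCAL, @netgroup, a leading-dot domain suffix, exact hostnames, and EXCEPT. The netgroup table, the client hostnames and the sample requests are constructed, and hostnames are assumed to be already resolved.

```python
# Added example: simulate the tcpd access decision for hosts.allow and
# hosts.deny. Not code from the article or from tcp_wrappers.
# Matching order, per hosts_access(5):
#   1. a matching entry in hosts.allow grants access;
#   2. otherwise a matching entry in hosts.deny refuses access;
#   3. otherwise access is granted (so an empty hosts.deny leaves every
#      wrapped service open, which is the Red Hat default).

# Constructed stand-in for the NIS netgroup database.
NETGROUPS = {"some_netgroup": {"alpha.foobar.edu", "beta.foobar.edu"}}

# The "mostly closed" policy from the article.
HOSTS_DENY = "ALL: ALL\n"
HOSTS_ALLOW = (
    "ALL: LOCAL @some_netgroup\n"
    "ALL: .foobar.edu EXCEPT terminalserver.foobar.edu\n"
)


def parse_rules(text):
    """Return [(daemon_tokens, client_tokens)] from a hosts.* file.
    Each line is 'daemon_list : client_list'; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemon_field, client_field = line.split(":", 1)
        rules.append((daemon_field.split(), client_field.split()))
    return rules


def match_token(token, client):
    """Match one client pattern against a resolved hostname."""
    host = client.lower()
    if token == "ALL":
        return True
    if token == "LOCAL":             # any name without a dot
        return "." not in host
    if token.startswith("@"):        # netgroup membership
        return host in NETGROUPS.get(token[1:], set())
    if token.startswith("."):        # domain suffix, e.g. .foobar.edu
        return host.endswith(token.lower())
    return host == token.lower()     # exact hostname


def match_daemon(token, daemon):
    """Match one daemon pattern (ALL or an exact program name)."""
    return token == "ALL" or token == daemon


def match_list(tokens, value, matcher):
    """Match a token list, honouring EXCEPT. As in hosts_access(5),
    'a EXCEPT b EXCEPT c' means a EXCEPT (b EXCEPT c)."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (match_list(tokens[:i], value, matcher)
                and not match_list(tokens[i + 1:], value, matcher))
    return any(matcher(t, value) for t in tokens)


def rule_matches(rule, daemon, client):
    daemons, clients = rule
    return (match_list(daemons, daemon, match_daemon)
            and match_list(clients, client, match_token))


def access_allowed(daemon, client, allow_text, deny_text):
    """Decide as tcpd does: allow file first, then deny file, else allow."""
    if any(rule_matches(r, daemon, client) for r in parse_rules(allow_text)):
        return True
    if any(rule_matches(r, daemon, client) for r in parse_rules(deny_text)):
        return False
    return True


# Constructed sample requests: (daemon, client hostname).
REQUESTS = [
    ("in.telnetd", "ws17"),                       # local host, no dot
    ("in.ftpd", "beta.foobar.edu"),               # netgroup member
    ("in.telnetd", "lab.foobar.edu"),             # inside .foobar.edu
    ("in.telnetd", "terminalserver.foobar.edu"),  # carved out by EXCEPT
    ("in.ftpd", "scanner.example.net"),           # outside; hits ALL: ALL
]


def evaluate(deny_text=HOSTS_DENY):
    """Return {(daemon, client): allowed} for the sample requests."""
    return {req: access_allowed(req[0], req[1], HOSTS_ALLOW, deny_text)
            for req in REQUESTS}


if __name__ == "__main__":
    for label, deny in (("mostly closed policy", HOSTS_DENY),
                        ("Red Hat default (empty hosts.deny)", "")):
        print(label + ":")
        for (daemon, client), ok in evaluate(deny).items():
            print(f"  {daemon:<12} {client:<28} {'allow' if ok else 'DENY'}")
```

Running it with the empty deny file shows why the "ALL: ALL" line matters: with nothing in hosts.deny, even the host excluded by EXCEPT and the outside scanner are let through, because the third step of the decision is to allow.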

If possible, only allow host access from the LOCAL domain. If you do need to have external access to your machine, try to specify the exact IP address of those requesting access, or restrict access to a domain, e.g. .und.nodak.edu. This will at least narrow the range of possible attacks on your machine.

We found that most of the attacks on our machines happened from outside the .und.nodak.edu domain.

There are other security steps that can be taken to prevent a possible attack, but correctly configured hosts.allow and hosts.deny files will go a long way in protecting your network-connected workstation.