Why you need a firewall

[nmeyers at javalinux.net (Nathan Meyers)]

On Thu, Oct 24, 2002 at 01:42:32PM -0400, Derek Atkins wrote:
> Chris Tresco <rardoe at rarcom.com> writes:
> 
> > You could argue the same for a Windows box... if maintained correctly ,
> > it doesn't need a firewall.  But alas... 
> 
> No, there is just no way to secure SMB on a windows box, and frankly
> there is no way to know what apps are "autorun" on a windows box.
> I've heard of applications that install _AND RUN_ IIS for you,
> automatically!  Which means you may not even know you're running it.
> 
> That would/could never happen on Linux.  There are secure file
> systems, secure network authentication systems, and service lockdown
> methodologies for Linux (and BSD, and Solaris, and...) which results
> in a MUCH more stable and secure operating environment.
> 
> In general, firewalls only get in the way and reduce productivity.
> There are a _few_ cases where a minimal packet filter is useful.

Most machines involved in DDOS attacks aren't run by folks whose computer
literacy remotely approaches that of this crowd. Firewalls certainly
aren't the last word in keeping your and my machines out of DDOS attack
squadrons - mainly because most of us do a good job of protecting all
the machines we run, Linux and otherwise.

But if you were to recommend a single, easy-to-grok countermeasure to
be taken by the great unwashed, getting simple-to-use firewalls onto or
in front of those zillions of unprotected machines would go a long way
toward preserving truth, justice, and the Internet Way.

Nathan Meyers
nmeyers at javalinux.net


> -derek