Why you need a firewall
David Kramer
david at thekramers.net
Mon Oct 28 11:18:45 EST 2002

On Monday 28 October 2002 10:19 am, Kent Borg wrote:
> On Thu, Oct 24, 2002 at 11:48:47AM -0400, David Kramer wrote:
> You are confusing "firewall" with "secure machine". The two are not
> the same. I agree it is important to run a secure machine to avoid
> becoming a zombie that could be used to attack others.

Excellent point. And one I should have thought of, since my first attempt
(years ago) at putting a Red Hat 5.0 box online with a cablemodem ended
abruptly when I was hacked into after only five days. After that, I learned
how to do it right, and I haven't been hacked into since.

> But last night, after I had gone upstairs for the night, I went back
> downstairs to turn off the kitchen computer; I had recently installed
> Red Hat 7.2 (experimenting with raid, wanted to see how 7.2 behaves)
> but had not installed the security updates. Sure, it was behind a bit
> of a firewall, but firewalls are not perfect. No reason to leave it
> up for hours and hours of possible probing.

That is the important step I was missing. While UNIX as a whole is structured
to make getting permissions you are not supposed to have much harder, bugs in
software that allow it are found all the time. Constant vigilance is
essential. Fortunately, this is easy, as Red Hat runs several mailing lists
that will tell you when there are updates. But you have to do it.

> How up to date is your firewall? How complete is its protection when
> it is working correctly? ... You had better have your computer up to
> date too, and if you do, the need for a firewall is much less. A
> firewall that offers a false sense of security is possibly worse than
> no firewall.

No castle was ever built with only one level of defense, and servers shouldn't
either. Quite true. I even used to have trap doors on my system that would
kill your shell if you didn't issue a particular command within one minute of
logging on (now I just turn it on when I'm away from home and may not find
intruders right away).

Firewall configuration is important too, as you said. Especially shutting
down SMB and X protocols. I get a few dozen hits a week with NetBIOS packets
and SMB stuff. I had some friends over for the weekend recently. One wanted
to check their mail, but couldn't because I had outgoing POP disabled at my
firewall. He asked why, and I said I use IMAP. He couldn't understand why I
would block an outgoing port.

If you are using IPCHAINS (not IPTABLES), there's a pretty good web-based
firewall script generator offered by Robert L. Ziegler at
http://www.linux-firewall-tools.com/

Thanks for expanding on my post, Kent.
-------------------------------------------------------------------
DDDD David Kramer http://thekramers.net
DK KD
DKK D "Before you criticize someone, you should walk a mile in
DK KD their shoes. That way, when you criticize them, you're a
DDDD mile away and you have their shoes." ??