BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Why you need a firewall

Subject: Why you need a firewall
From: warlord at MIT.EDU (Derek Atkins)
Date: 24 Oct 2002 13:42:32 -0400
In-reply-to: <1035477094.26716.42.camel@wasabi.rarcom.com>
References: <200210241148.47623.david@thekramers.net> <1035475107.26716.22.camel@wasabi.rarcom.com> <sjmsmyver5w.fsf@kikki.mit.edu> <1035477094.26716.42.camel@wasabi.rarcom.com>

Chris Tresco <rardoe at rarcom.com> writes:

> You could argue the same for a Windows box... if maintained correctly ,
> it doesn't need a firewall.  But alas... 

No, there is just no way to secure SMB on a windows box, and frankly
there is no way to know what apps are "autorun" on a windows box.
I've heard of applications that install _AND RUN_ IIS for you,
automatically!  Which means you may not even know you're running it.

That would/could never happen on Linux.  There are secure file
systems, secure network authentication systems, and service lockdown
methodologies for Linux (and BSD, and Solaris, and...) which results
in a MUCH more stable and secure operating environment.

In general, firewalls only get in the way and reduce productivity.
There are a _few_ cases where a minimal packet filter is useful.

-derek

> On Thu, 2002-10-24 at 12:29, Derek Atkins wrote:
> > Yes, but the vast majority of those probes are against Windows..
> > Yes, you need a firewall to protect the Internet from Windows (no,
> > I do not look at it the other way around! ;)
> > 
> > However, I still maintain that a properly-maintained Linux box does
> > not need a firewall.
> > 
> > -derek
> > 
> > Chris Tresco <rardoe at rarcom.com> writes:
> > 
> > > Something to add...
> > > 
> > > A lot of users out there would be absoltely flabberghasted (sp?) at the
> > > number of times per day my linux box acting as a router/firewall for my
> > > ATT Broadband cable connection is probed or attacked.  I run snort to
> > > log these things... I honestly get at least 100 attack attempts and
> > > probes per day.... it only takes one of these to work successfully for
> > > someone to be compromised.
> > > 
> > > 
> > > 
> > > On Thu, 2002-10-24 at 11:48, David Kramer wrote:
> > > > I'm sure most of you heard that on Tuesday, the internet's root DNS servers 
> > > > were crippled by a Denial Of Service (DOS) attack, where the machines were 
> > > > flooded with endless garbage IP packets so the real DNS requests couldn't get 
> > > > through.
> > > > 
> > > > What I recently learned, though, is this was really a Distributed Denial Of 
> > > > Service (DDOS) attack.  That means that hackers hacked into hundreds of other 
> > > > peoples' home computers and then remotely commanded them all to attach the 
> > > > root DNS servers at the same time, probably without the owners' knowledge.
> > > > 
> > > > What I'm trying to point out here is that it's easy to say "well, I don't have 
> > > > any important data on my machine hooked up to a cablemodem or DSL line, so I 
> > > > don't need a firewall", but that doesn't mean your machine can't be used by 
> > > > hackers to hurt others.
> > > > 
> > > > -------------------------------------------------------------------
> > > > DDDD   David Kramer                           http://thekramers.net
> > > > DK KD  
> > > > DKK D  "Where's the kaboom?  There was supposed to be an
> > > > DK KD  earth-shattering kaboom."
> > > > DDDD                                           - Marvin the Martian
> > > > _______________________________________________
> > > > Discuss mailing list
> > > > Discuss at blu.org
> > > > http://www.blu.org/mailman/listinfo/discuss
> > > > 
> > > 
> > > 
> > > _______________________________________________
> > > Discuss mailing list
> > > Discuss at blu.org
> > > http://www.blu.org/mailman/listinfo/discuss
> > 
> > -- 
> >        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> >        Member, MIT Student Information Processing Board  (SIPB)
> >        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
> >        warlord at MIT.EDU                        PGP key available
> > _______________________________________________
> > Discuss mailing list
> > Discuss at blu.org
> > http://www.blu.org/mailman/listinfo/discuss
> > 
> 
> 
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available

Follow-Ups:
- Why you need a firewall
  - From: rardoe at rarcom.com (Chris Tresco)
- Why you need a firewall
  - From: dsr at tao.merseine.nu (-dsr-)
- Why you need a firewall
  - From: nmeyers at javalinux.net (Nathan Meyers)

References:
- Why you need a firewall
  - From: david at thekramers.net (David Kramer)
- Why you need a firewall
  - From: rardoe at rarcom.com (Chris Tresco)
- Why you need a firewall
  - From: warlord at MIT.EDU (Derek Atkins)
- Why you need a firewall
  - From: rardoe at rarcom.com (Chris Tresco)

Prev by Date: Why you need a firewall
Next by Date: Why you need a firewall
Previous by thread: Why you need a firewall
Next by thread: Why you need a firewall
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org