LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-11-2003, 12:14 PM   #46
leeach
Member
 
Registered: Sep 2003
Location: /dev/null
Distribution: FreeBSD 5.4, OpenBSD 3.7
Posts: 95

Rep: Reputation: 15

uhm ..yeah..
bottom line, Use a firewall if your not a fool.. lol
 
Old 10-11-2003, 06:16 PM   #47
mymojo
Member
 
Registered: Oct 2003
Distribution: Slackware 9.1
Posts: 176

Rep: Reputation: 30
Ever considered this as flame bait?
 
Old 10-11-2003, 08:20 PM   #48
darkseed2g3
Member
 
Registered: Sep 2003
Location: Philadelphia ,Pa
Distribution: Fedora Core 1 BABY !!! YEA
Posts: 67

Rep: Reputation: 19
I beleive setting up a firewall is a security precaution . And of course you get the learning experience i mean seriously think bout it, especially if you wanna be a network admin or an IT or something . The more knowledge you have of securing systems the more job market you have. My personally on my gateway/router machine i have ipchains and portsentry installed and working at 100% and i can still play my games and use my file transwer functions with my messenger services. So it is possible to have a very secure system and be able to use all of your programs. I mean lets look at my setup

Portsentry -> a program that log and detects a portscan and os fingerprint. Giving the attacker/scanner/cracker bogus info and then putting them on a block list completely taking away any access to me. And they have no way of ever attacking me from that same ip.

IPtables -> i have so much shit blocked that i dont need, like most pop up servers so i didnt have to waste money on stupid shit. Cause my windows machine is attached to my server.

But if you cant handle setting up a good system that is secure , then oh well on you. What i think is that you tried to , and couldnt handle it. Some kids cant, i know i couldnt at first but i didnt give up.
 
Old 11-05-2003, 09:51 PM   #49
strifel
LQ Newbie
 
Registered: Sep 2003
Distribution: redhat 9
Posts: 11

Rep: Reputation: 0
xylon where you born without a brain?

I am a security admin for a big financial company and you ...you are the dumbest person ever! Listen to youself.
 
Old 11-05-2003, 10:20 PM   #50
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
and you ...you are the dumbest person ever!
There really is no need to insult people, and trying to drive your point home using the sole argument he's "dumb" (your words, not mine) instead of offering good arguments, well that's dumb because you miss the point, it's dumb cuz it's counterproductive and it's dumb because you didn't take the chance to promote "safer" computing.

If you are a "security admin" then you should know, or inform yourself about, the things this community needs.
 
Old 11-11-2003, 09:40 AM   #51
TheIrish
Member
 
Registered: Oct 2003
Location: ITALY
Distribution: Debian, Ubuntu, Fedora
Posts: 137

Rep: Reputation: 15
Talking

Just one thing about this topic.
I've been into network setting up for 2 years and I saw things... I saw things... hard to believe and undestand.
A message to the people which are not using a firewall: PLEASE, DO USE A FIREWALL and if you can't configure yourself, look for help. It's not only for protecting your data, but also for protecting other people from you.
 
Old 11-11-2003, 02:06 PM   #52
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
I have not read the posts before but a firewall does not protect you really from today's internet. Securing should start at the base system (= hardening), and include service securing and after all - as a last step only a packet filter. Everything combined is good practice and works well.

I have not had a single incident (but a damn lot of attempts) since I secured the whole server structure of a couple of medium sized company networks...
 
Old 05-07-2004, 12:41 PM   #53
adiradu9
LQ Newbie
 
Registered: May 2004
Location: BUCHAREST
Distribution: MANDRAKE
Posts: 1

Rep: Reputation: 0
well friends, you all have an interesting point to share.
Eventually truth is like a diamond that stands in the center of a circle that we all form. So that everyone has A PIECE OF THE VIEW, but not all the diamond can be seen from only 1 point of the circle's shape. Eventually sharing all our views here enriches everyone of us to get a MORE COMPLETE OVERALL PICTURE of the subjects aproached.
I'm new here but I really like what I've read up to now (on the use(less) of fwl...for example)
 
Old 03-02-2005, 07:32 PM   #54
oldstinkyfish
Member
 
Registered: Nov 2003
Posts: 148

Rep: Reputation: 15
Quote:
Originally posted by dekket
Xylon said "there are no antivirus software for linux"
Xylon, have you ever visited freshmeat, the best website for free and open applications - ever? I mean, they got ads for antivirus software all the time - and dont think its for windows. Pfft, I suggest you get some know-how about what you're talking about before posting at a forum such as this.
My favourite antivirus for Windoze is Panda Antivirus , and they have a freeware version for Linux, No support mind you. Its not in Opensource spirit, but protection is more important , for me at least.
 
Old 03-02-2005, 08:32 PM   #55
mfrick
Member
 
Registered: Sep 2004
Location: Perth
Posts: 51

Rep: Reputation: 15
I run a firewall on the gateway to all my live machines and then also configure iptables on the individual linux servers just for some added security it is definately better to be safe than sorry. Actually for a bit of fun I don't mind port scanning the linux servers and the windows servers to make sure everything shows up fine.
 
Old 03-03-2005, 08:51 AM   #56
peacebwitchu
Member
 
Registered: Apr 2004
Distribution: Debian
Posts: 185

Rep: Reputation: 30
In some situations a firewall can be unneeded. For instance I have a server that runs one service that listens on the network and it must be accessible to the public. We don't have this machine behind a firewall and never have. We don't really need one because all a firewall would do is have a rule to allow everyone to this port. One problem we have is if someone does DOS us we don't have a way to block offending ip's. In this situation we would block them in a upstream router. This is the only case that we don't have a firewall protecting our servers all of the rest are strictly locked down. Even behind a firewall I feel you should lock your servers down as if they aren't behind a firewall. Harden everything and life is easier.
 
Old 03-03-2005, 07:47 PM   #57
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 116Reputation: 116
I am reminded of a fellow I know who was adamant about firewalls for Windows. He is a knowledgeable fellow, and he insisted that they were unnecessary and placed a burden on the system.

He and I had many debates on this topic on another board (The Motley Fool). He said that securing windows by turning off file and printer sharing, disabling netbios, enhancing IE security, and running antivirus software was quite sufficient. His justification was that there were no extant exploits against Windows that managed to enter the system when those services were turned off; all exploits against windows required the user to do something stupid such as open an attachment, or came about through browser vulnerabilities which a firewall wouldn't protect against anyway.

My argument was that the fact there is no such exploit today doesn't mean there won't be one tomorrow, and a firewall was one layer in what should be a multi layer defense strategy. The extra layers provided protection against more things - including the possibility that the user made a mistake and, for instance, turned netbios on accidently.

We went round and round and never agreed.

Then the Blaster worm hit. Suddenly there was an exploit that entered a Windows system when it was connected to the internet, with the user needing to do nothing. My position was therefore fully justified, and he actually had the decency to admit he was wrong and reverse his position.

Running a firewall is not "the answer" to system security. It is one tool. Any prudent person will employ a number of tools, including a firewall, in the effort to keep systems clean, tidy, secure, and not zombified.
 
Old 03-10-2005, 01:28 PM   #58
Xylon
Member
 
Registered: Sep 2003
Location: Newfoundland, Canada
Distribution: Slackware 9.0
Posts: 44

Original Poster
Rep: Reputation: 15
jiml8,

I started this thread a long, long time ago and had forgot about it until I got an email notification that somebody had replied again. My point was a home user running Windows XP with an anti-virus, automatic updates, and possibly Firefox and an anti-spyware program does not need to have a firewall turned on. I have not changed my mind, I still don't use the Windows XP firewall (although the SP2 firewall is more friendly than the SP1 firewall).

The blaster worm is NOT a valid example, a patch was issued a MONTH before Blaster unleashed hell. Source: [The Security Bulletin]

Last edited by Xylon; 03-10-2005 at 01:33 PM.
 
Old 03-10-2005, 03:12 PM   #59
peacebwitchu
Member
 
Registered: Apr 2004
Distribution: Debian
Posts: 185

Rep: Reputation: 30
I don't know about that one. With the ever present 0 day exploits it would be good practice to have one. I assume you are not running any external listening programs ie file and print sharing etc...
 
Old 03-10-2005, 08:36 PM   #60
DDoSire
LQ Newbie
 
Registered: Mar 2005
Location: Auckland
Distribution: Fedora Core 1, 3, RH9, SUSE
Posts: 8

Rep: Reputation: 0
Xylon,

I think you need to be more educated on network security to make the statement that a firewall is not neccessary. It is certainly unneccessary if you don't mind re-installing your compter all the time

Your computer has not been attacked doesn't mean that it won't be attacked. Also you may not need to have high security level (notice the word 'may') if your computer does not function as a server, or, if you are disconnected from internet.

In fact, computers are doing much more than they used to. The more functions it has, the more potential security holes there exists. Your computer is like your house. Will you leave your doors open even if there's nothing special in the house?

As simple as that.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Which services are unnecessary? revenant Linux - Security 4 03-28-2004 11:43 PM
Kernel 2.6 and Firewall's ghostwalker Linux - Security 4 01-26-2004 03:36 AM
unnecessary user accounts linen0ise Slackware 2 09-19-2003 09:27 AM
Firewall's and MSBlast qwijibow Linux - Security 15 08-26-2003 09:54 PM
Firewall's proxy settings. silverstriip Linux - Networking 1 08-20-2003 02:32 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration