LinuxQuestions.org
Old 03-29-2007, 11:40 PM   #1
bjb_nyj101
Member
 
Registered: Feb 2007
Distribution: openSUSE
Posts: 56

Rep: Reputation: 15
Firewall Safety


I just took the grc shields up test, with just my hardware firewall, and I got perfects on everything, full stealth mode

does that mean that i have no need for a software firewall (guarddog,firestarter,etc.) ??
 
Old 03-30-2007, 02:00 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
assuming it is indeed completely stealth (i don't know if "grc shields up" checks *every* port), it depends... it's kind of subjective... how many PCs do you have behind the dedicated ("hardware") firewall?? if it's just one, then a host-based ("software") firewall might be kinda redundant... but then again, it could save your box if your router gets rooted... and of course if you have several boxes behind your firewall then host-based firewalls would be a good idea, in order to provide protection on the LAN itself, in case any boxes get rooted behind the dedicated firewall...
 
Old 03-30-2007, 01:39 PM   #3
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 234
I don't think Shields Up! tests every port by default, just the ones up to about 1024 or a little beyond.

BTW, which "hardware firewall" are you using?
 
Old 03-30-2007, 02:25 PM   #4
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 556
Shields up can, as I recall from my last visit, be made to scan every available port. It is, IMHO one of the better port scanners out there. Only catch is, aside from doing the standard scan of the first 1000 ports or whatever the number is, the remainder up to 65535 can only be checked 64 at a time :O
 
Old 03-30-2007, 09:20 PM   #5
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Quote:
Originally Posted by bjb_nyj101
does that mean that i have no need for a software firewall (guarddog,firestarter,etc.) ??
Personally I would still have firewalls running on any of my machines, there are other ways that can still be a threat to your network.

For example, you could receive an email that contains a virus or worm; a firewall set up the right way may help to stop or at least minimise the damage that a virus/worm could do to your network while it tries to propagate through your network.
 
Old 03-31-2007, 12:52 PM   #6
bjb_nyj101
Member
 
Registered: Feb 2007
Distribution: openSUSE
Posts: 56

Original Poster
Rep: Reputation: 15
network config

I have the builtin firewall on my router, and it is in full stealth mode.

I have this Linux desktop, and two wireless Windows machines on the network.
 
Old 04-01-2007, 09:46 AM   #7
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 234
What is your router?

What is its "built in" firewall?

Although Steve Gibson & Leo Laporte will say that any old NATing home router will provide 90% of the security of a "real" dedicated firewall, there is still a difference.


How good is your wireless security vis-à-vis the wired portion of your LAN?


Personally, I run SmoothWall Express w/ no wireless attached, no firewall or anti-anything package on even my girlfriend's W2k box. That we have no problems is a testament to the adage that security starts w/ the users. I am not recommending this to anyone else, I'm just pointing out that who is connecting via wireless is important in deciding your security needs.
 
Old 04-01-2007, 11:13 AM   #8
bjb_nyj101
Member
 
Registered: Feb 2007
Distribution: openSUSE
Posts: 56

Original Poster
Rep: Reputation: 15
I have a NAT router, with the firewall turned on and it's in full stealth mode.

My wireless encryption is WPA, and I have changed the default SSID and password.
 
Old 04-01-2007, 11:49 AM   #9
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 234
Forgive me if this sounds rude, but what is so hard about posting the Mfr. & Model #?
 
Old 04-01-2007, 03:14 PM   #10
bjb_nyj101
Member
 
Registered: Feb 2007
Distribution: openSUSE
Posts: 56

Original Poster
Rep: Reputation: 15
here it go

Linksys Wireless-G Broadband Router
Model No. WRT54G
 
Old 04-01-2007, 04:44 PM   #11
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
i have a WRT54G (v3.1) at home... at the moment, i have behind it my Ubuntu 6.06 desktop, my Slackware 10.2 server, and my Ubuntu 6.10 laptop... all of the boxes are running their own host-based firewalls... my suggestion is that you do the same - some of the reasons for doing it have already been explained...
 
Old 04-01-2007, 08:21 PM   #12
bjb_nyj101
Member
 
Registered: Feb 2007
Distribution: openSUSE
Posts: 56

Original Poster
Rep: Reputation: 15
If I must use a software firewall also, then seriously, what is the point of having the firewalls built in with the router?

iptables can reject/allow the same things as the router can, so what's the point of having them both on?

You guys have made the point that if my router gets "rooted", then you would have the software firewall to protect each individual computer. So why not just have software firewalls, why have the hardware firewall enabled?
 
Old 04-02-2007, 01:39 AM   #13
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by bjb_nyj101
If I must use a software firewall also, then seriously, what is the point of having the firewalls built in with the router?

iptables can reject/allow the same things as the router can, so what's the point of having them both on?

You guys have made the point that if my router gets "rooted", then you would have the software firewall to protect each individual computer. So why not just have software firewalls, why have the hardware firewall enabled?
nobody's said you "must use" host-based firewalls on your LAN... =/

a dedicated firewall/router doesn't do any firewalling between hosts in the same LAN zone, but host-based firewalls do... that's the main reason why you'd wanna consider using host-based firewalls in addition to your dedicated firewall...
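
The point in post #13, that the router does no filtering between hosts on the same LAN, shown as an added example that is not part of the thread: a shell function that emits a host-based `iptables-restore` ruleset dropping unsolicited inbound traffic, including from other LAN machines. The function names, the trusted address and the choice of SSH on port 22 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: one trusted LAN
# machine that may reach SSH (tcp/22) on this host; nothing else may
# connect inbound, whether it comes from the Internet or from the LAN.

is_ipv4() {
    # Accept only a dotted quad whose octets are all 0-255.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

host_ruleset() {
    # $1: address of the trusted LAN machine (hypothetical parameter).
    trusted=$1
    is_ipv4 "$trusted" || { echo "invalid address: $trusted" >&2; return 1; }
    cat <<EOF
*filter
# Default-deny inbound and forwarded traffic; this host is not a router.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local processes talking to each other.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened itself.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New SSH sessions from the single trusted LAN machine only.
-A INPUT -p tcp -s $trusted/32 --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Everything else, including other hosts on the same LAN, hits the DROP policy.
COMMIT
EOF
}

# Syntax-check without loading (needs root):
#   host_ruleset 192.168.1.10 | iptables-restore --test
```
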
 
Old 04-02-2007, 01:46 AM   #14
bjb_nyj101
Member
 
Registered: Feb 2007
Distribution: openSUSE
Posts: 56

Original Poster
Rep: Reputation: 15
ok

i get it. thanks
 
  


All times are GMT -5. The time now is 07:01 PM.
