Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
|
|
03-29-2007, 11:40 PM
|
#1
|
Member
Registered: Feb 2007
Distribution: openSUSE
Posts: 56
Rep:
|
Firewall Safety
I just took the grc shields up test, with just my hardware firewall, and I got perfects on everything, full stealth mode.
Does that mean that I have no need for a software firewall (guarddog, firestarter, etc.)?
|
|
|
03-30-2007, 02:00 AM
|
#2
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
assuming it is indeed completely stealth (i don't know if "grc shields up" checks *every* port), it depends... it's kind of subjective... how many PCs do you have behind the dedicated ("hardware") firewall?? if it's just one, then a host-based ("software") firewall might be kinda redundant... but then again, it could save your box if your router gets rooted... and of course if you have several boxes behind your firewall then host-based firewalls would be a good idea, in order to provide protection on the LAN itself, in case any boxes get rooted behind the dedicated firewall...
|
|
|
03-30-2007, 01:39 PM
|
#3
|
Senior Member
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
|
I don't think Shields Up! tests every port by default, just the ones up to about 1024 or a little beyond.
BTW, which "hardware firewall" are you using?
|
|
|
03-30-2007, 02:25 PM
|
#4
|
LQ Guru
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594
|
Shields up can, as I recall from my last visit, be made to scan every available port. It is, IMHO one of the better port scanners out there. Only catch is, aside from doing the standard scan of the first 1000 ports or whatever the number is, the remainder up to 65535 can only be checked 64 at a time :O
|
|
|
03-30-2007, 09:20 PM
|
#5
|
Senior Member
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291
Rep:
|
Quote:
Originally Posted by bjb_nyj101
Does that mean that I have no need for a software firewall (guarddog, firestarter, etc.)?
|
Personally I would still have firewalls running on any of my machines, there are other ways that can still be a threat to your network.
For example, you could receive an email that contains a virus or worm; a firewall set up the right way may help to stop or at least minimise the damage that a virus/worm could do to your network while it tries to propagate through your network.
|
|
|
03-31-2007, 12:52 PM
|
#6
|
Member
Registered: Feb 2007
Distribution: openSUSE
Posts: 56
Original Poster
Rep:
|
network config
I have the built-in firewall on my router, and it is in full stealth mode.
I have this Linux desktop, and two wireless Windows machines on the network.
|
|
|
04-01-2007, 09:46 AM
|
#7
|
Senior Member
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
|
What is your router?
What is its "built in" firewall?
Although Steve Gibson & Leo Laporte will say that any old NATing home router will provide 90% of the security of a "real" dedicated firewall, there is still a difference.
How good is your wireless security vis-à-vis the wired portion of your LAN?
Personally, I run SmoothWall Express w/ no wireless attached, no firewall or anti-anything package on even my girlfriend's W2k box. That we have no problems is a testament to the adage that security starts w/ the users. I am not recommending this to anyone else, I'm just pointing out that who is connecting via wireless is important in deciding your security needs.
|
|
|
04-01-2007, 11:13 AM
|
#8
|
Member
Registered: Feb 2007
Distribution: openSUSE
Posts: 56
Original Poster
Rep:
|
I have a NAT router, with the firewall turned on, and it's in full stealth mode.
My wireless encryption is WPA, and I have changed the default SSID and password.
|
|
|
04-01-2007, 11:49 AM
|
#9
|
Senior Member
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
|
Forgive me if this sounds rude, but what is so hard about posting the Mfr. & Model #?
|
|
|
04-01-2007, 03:14 PM
|
#10
|
Member
Registered: Feb 2007
Distribution: openSUSE
Posts: 56
Original Poster
Rep:
|
here it go
Linksys Wireless-G Broadband Router
Model No. WRT54G
----------------------------------------------------------------------------------------------------
|
|
|
04-01-2007, 04:44 PM
|
#11
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
i have a WRT54G (v3.1) at home... at the moment, i have behind it my Ubuntu 6.06 desktop, my Slackware 10.2 server, and my Ubuntu 6.10 laptop... all of the boxes are running their own host-based firewalls... my suggestion is that you do the same - some of the reasons for doing it have already been explained...
|
|
|
04-01-2007, 08:21 PM
|
#12
|
Member
Registered: Feb 2007
Distribution: openSUSE
Posts: 56
Original Poster
Rep:
|
If I must use a software firewall also, then seriously, what is the point of having the firewalls built in with the router?
iptables can reject/allow the same things as the router can, so what's the point of having them both on?
You guys have made the point that if my router gets "rooted", then you would have the software firewall to protect each individual computer. So why not just have software firewalls, why have the hardware firewall enabled?
|
|
|
04-02-2007, 01:39 AM
|
#13
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by bjb_nyj101
If I must use a software firewall also, then seriously, what is the point of having the firewalls built in with the router?
iptables can reject/allow the same things as the router can, so what's the point of having them both on?
You guys have made the point that if my router gets "rooted", then you would have the software firewall to protect each individual computer. So why not just have software firewalls, why have the hardware firewall enabled?
|
nobody's said you "must use" host-based firewalls on your LAN... =/
a dedicated firewall/router doesn't do any firewalling between hosts in the same LAN zone, but host-based firewalls do... that's the main reason why you'd wanna consider using host-based firewalls in addition to your dedicated firewall...
|
|
|
04-02-2007, 01:46 AM
|
#14
|
Member
Registered: Feb 2007
Distribution: openSUSE
Posts: 56
Original Poster
Rep:
|
ok
i get it . thanks
|
|
|
All times are GMT -5. The time now is 07:01 PM.
|