[clug-talk] OT: Discuss: really need a firewall?
simon at mungewell.org
Thu Apr 6 11:11:12 PDT 2006
the function of a firewall is to prevent the services that you run on a
machine being visible to the outside world - this can mean two things:
1) that you are preventing outside users accessing these services, this
would for example prevent password guessing.
2) attacks against bugs in those services.
There are other possible routes of attack....
1) Denial of service against the IP stack - ping flooding, etc
2) Attacks against the stack itself - ping of death, etc.
[software firewall would still suffer from these...]
So even if you have no services running, there can be benefit to having
a hardware firewall, if you have services running you probably want (at
least a software) firewall.
You should be careful when installing applications as they can
unexpectedly listen on external interfaces and therefore expose
Personally I prefer hardware firewalls, as they normally have the
advantage of being a switch/hub as well.
The most secure system is obviously one without any connection, but
that's a little impractical.
PS. If you want to see what's actually happening on the connection, you
can run a sniffer like tcpdump - just shows how many script kiddies
there are in the world.......
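
Added example, not part of the original post: one way to check the point above about applications unexpectedly listening on external interfaces is to read the Linux `/proc/net/tcp` table and list every LISTEN socket not bound to loopback. The function names and the sample table are constructed for illustration, and a little-endian host is assumed for the address decoding.

```python
import ipaddress

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A01A8C0:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   500        0 1003 1
   3: 0A01A8C0:D431 010200C0:0050 01 00000000:00000000 00:00000000 00000000   500        0 1004 1
"""


def decode_addr(hex_addr):
    """Decode 'AABBCCDD:PPPP' into (IPv4Address, port).

    Assumption: little-endian host, so the address bytes are reversed.
    """
    ip_hex, port_hex = hex_addr.split(":")
    ip = ipaddress.IPv4Address(bytes.fromhex(ip_hex)[::-1])
    return ip, int(port_hex, 16)


def exposed_listeners(table_text):
    """Return sorted (address, port) pairs for LISTEN sockets reachable
    from outside the machine, i.e. bound to anything except loopback."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # malformed row or not a listening socket
        ip, port = decode_addr(fields[1])
        if not ip.is_loopback:  # 0.0.0.0 means "all interfaces"
            found.append((str(ip), port))
    return sorted(found, key=lambda item: item[1])


if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE):
        scope = "all interfaces" if addr == "0.0.0.0" else "one interface"
        print(f"tcp/{port} listening on {addr} ({scope})")
```

On a real machine, pass the contents of `/proc/net/tcp` instead of `SAMPLE`; anything in the output that you did not intend to offer is a candidate for rebinding to 127.0.0.1 or for a firewall rule.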