Re: Debian secure by default?



On Friday 16 May 2008 07:39:27 pm lostson wrote:
> On Fri, 2008-05-16 at 19:09 -0700, Lee Glidewell wrote:
> > On Friday 16 May 2008 07:02:59 pm Paul Johnson wrote:
> > > On Friday 16 May 2008 07:01:38 pm lostson wrote:
> > > > My 2 cents a default firewall would be nice
> > >
> > > You mean like Windows has? How about not. Here's why:
> > > http://samspade.org/d/firewalls.html
> >
> > The money quote from that link:
> > "So... what does a 'personal firewall' actually do? Well, effectively it
> > listens on all the ports on your system. This provides no real additional
> > security over turning off the services that you don't use."
> >
> > The nature and purpose of a "firewall" seems to be greatly misunderstood.
> > Personally, I think security vendor hype is as much to blame as naivete.
> >
> > Lee
>
> So basically a firewall is useless?
>
> LostSon

Well, no, I wouldn't go that far. I would say, however, that a generic,
all-purpose software firewall isn't going to improve Debian's "out of the box"
security.

If you know what you're doing, on the other hand, packet filtering software is
incredibly useful. The point about the hardware firewalls boils down to two
facts:
1) If you're serious about security, you should separate services. This means
giving iptables its own box (e.g., a retail NAT router) rather than assigning
a workstation to double-duty.
2) If you don't want to set up your own filtering rules, a retail NAT router
is a better solution than an iptables configuration utility.

The bottom line, IMO, is that a "firewall" is only a set of rules. How useful
it is can only be judged in light of the specific function of the computer
it's protecting.

Lee

