Re: Firewalls, are they really necessary?

From: Walter Mautner (leafnews.20.eatallspam_at_spamgourmet.com)
Date: 12/22/04


Date: Wed, 22 Dec 2004 22:16:10 +0100

Fao, Sean wrote:

> RC wrote:
>> You assume too much. Dont' think of a firewall as just INPUT. OUTPUT
>> is at least as important - ie smbd. Do you follow?
>>
Bad example. You might bloch incoming (requests to port 137:139,445) as well
as outgoing - to the inet interface.
 
>> Of course a firewall is important but connecting to a pop3 port doesn't
>> prove
>> jack. Why run a local mail server at all, with or without a firewall?

Have it here for my own purpose. Hotwayd allows connecting pop3 clients or
local postfix to a hotmail account. At least it will work till spring, when
Microsoft again announced to change protocols ...
Of course, that mail server is only for "local" purpose.

>> If it's running,
>> it's running and will be accessible with or without a firewall. That was
>> my point. That makes the telnetter's example moot.
>
There is another (as I posted) method to resctict access to it to the
internal network. A firewall is just another security layer, and it should
never keep people from thinking.
 
> I think we're simply misunderstanding each other and I apologize for
> getting defensive.
>
> I agree, a POP3 server is *probably* useless if it's not intended to be
> exposed to the outside world. However, in the rare circumstance that aq
> required a POP3 server (learning experience?), a firewall would
> obviously provide another level of protection to ensure that no unwanted
> visitors could read his mail.
>
Yes, butz no "learning experience" intended - hotwayd (google for it) is
just a means to redirect webmail to pop3.

> You call the telnetter's example "moot" because the service shouldn't
> have been running in the first place. Agreed, it probably shouldn't
> have been running; but, it was (and maybe it was supposed to be), and aq
> now walks away with a better understanding of what a firewall can
> protect against. If they were only good for blocking services that
> shouldn't be running, we'd never have a need for them.
>
That service is fine - but restriction to the local network or even
localhost makes the difference :).

-- 
Longhorn error#4711: TCPA / NGSCP VIOLATION: Microsoft optical mouse 
detected penguin patterns on mousepad. Partition scan in progress
 to remove offending incompatible products.  Reactivate your MS software. 
Linux woodpecker.homnet.at 2.6.9-mm1[LinuxCounter#295241]