Re: firewall

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Paul Mooring
Date:  
To: Main PLUG discussion list
Subject: Re: firewall
That's probably good enough for most use cases, this is really another case
of different cases have different needs and security isn't magic. So in
the spirit of do what you need think about what a firewall is, what the
drawbacks of running one are and what risks it mitigates:

- A firewall is something that restricts the flow of network traffic

You mentioned your router has a built in firewall, this handles 95% of what
most linux users would want a firewall for. I assume whether you realize
it or not you probably also have some iptables rules set up as a software
firewall.

- What's the drawback?

All of network/computer security is a balance of security and convenience.
Firewalls generally aren't that inconvenient until you get into add source
restrictions (the static IP address of my office can connect but everything
else is denied access). So you probably have next to no drawbacks.

- What risks does it mitigate

More assumptions here: You don't run your linux box on the public Internet,
it's in a private subnet (192.168.X.X probably) and behind a NAT'd
modem/router. This means you're probably mostly secure from the bulk of
threats.


All this to say, in this day and age most home/workstations users shouldn't
care too much about maintaining their software firewalls on the machines
they use. That doesn't mean firewalls aren't important (they *really*
are), it means your router is handling that for you already for the most
part. Systems administrators and production servers are another story, if
you're a professional sysadmin you should know your firewall and actively
maintain. The open Internet is a scary place and if you don't believe that
look at your auth logs ;).

Thanks,


On Tue, Aug 26, 2014 at 8:14 PM, Michael Havens <> wrote:

> I hear people say, "Even Linux users need a firewall."
> My question is..... why? I've runlinux since '98 w/o a firewall (aside
> from the one sent with my modem/router). Isn't that good enough?
> :-)~MIKE~(-:
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>




--
Paul Mooring
Operations Engineer
Chef
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss