Re: Linux server as it own firewall
From: Rob 'Feztaa' Park (fezziker@home.com)
Date: 09/15/01
- Previous message: Rob 'Feztaa' Park: "Re: Clever firewall rules"
- In reply to: Luciano Miguel Ferreira Rocha: "Re: Linux server as it own firewall"
- Next in thread: phobie: "Re: Linux server as it own firewall"
- Next in thread: Matt Block: "RE: Linux server as it own firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 14 Sep 2001 18:57:41 -0600 (MDT)
From: Rob 'Feztaa' Park <fezziker@home.com>
To: <focus-linux@securityfocus.com>
Subject: Re: Linux server as it own firewall
Message-ID: <Pine.LNX.4.33L2.0109141844460.1194-100000@feztron.ath.cx>
On Fri, 14 Sep 2001, Luciano Miguel Ferreira Rocha (dis)graced my inbox...:
> The firewall needn't protect against bad traffic, the kernel already
> does that. Also, your firewall rules may protect you from a FIN/NUL/XMAS
> portscan, but do not protect you against the more normal SYN and
> connect(2) scans.
The kernel does that? I wasn't aware that the kernel did anything with the
packets (aside from assembling fragments) without iptables rules in place.
> I'm still to find a daemon that doesn't have an option to bind(2) only to
> localhost/127.0.0.1 or that I couldn't change the source in order to make
> it bind to a specific address.
>
> However, I do agree that it's easier to use a firewall to control the open
> ports, but then you also have a problem in some protocols that related
> connections are hard to keep track of.
True, some services have nonstatic ports, but I don't use them so I don't
have to worry about stuff like that.
> Yes, that is very useful, but you're forgetting the trojan has in most cases
> unlimited access to the machine, so it may be able to disable the firewall or
> to disguise as a normal application connecting to a web server, for example.
True, a trojan could take out the firewall, but how many trojans are that
smart? Most, if not all trojans that I have seen simply open a port to
allow access to an attacker. The trojan might take out the firewall, but
the trojan also might not, and that means the firewall is still useful.
> But the world isn't a perfect one, that's why we have the need for firewalls,
> hids, nids, etc. The point is to have additional redundant security, either
> to protect our server or to protect other servers in the case it becomes
> compromised.
Yes, exactly. Firewalls are not the be-all, end-all security measure. They
are simply an added layer of security, a tool of redundancy to slow down
and deter hackers.
--
Rob 'Feztaa' Park
fezziker@home.com
ICQ#: 49781692
:wq!
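The exchange above turns on a distinction worth seeing in code: stateless packet-filter rules can drop FIN/NULL/XMAS probes because those flag combinations never occur in a legitimate TCP flow, but a SYN probe is byte-for-byte the first segment of an ordinary connect(2), so no flag rule can tell them apart. The following is an added example, not code from either poster: it models the matching semantics of iptables `--tcp-flags MASK COMP` (a real option) on constructed sample probes, and renders the same table as iptables command lines. The rule names, the sample probe descriptions and the function names are this example's own.

```python
"""Added example (not from the thread): a model of stateless TCP-flag filtering.

Labels TCP flag bytes the way common iptables ``--tcp-flags`` rules do, to show
which probe types such rules catch (NULL, XMAS, FIN-only) and which they cannot
distinguish from an ordinary connection attempt (a plain SYN).
"""

# TCP flag bits as laid out in the flags byte of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL = FIN | SYN | RST | PSH | ACK | URG

# (rule name, mask, comparison): the segment is dropped when
# (flags & mask) == comparison, which is the semantics of
# "iptables -p tcp --tcp-flags MASK COMP". Names are this example's own.
INVALID_FLAG_RULES = [
    ("null-scan", ALL, 0),                            # no flags at all
    ("xmas-scan", ALL, ALL),                          # every flag set
    ("xmas-scan", FIN | PSH | URG, FIN | PSH | URG),  # classic FIN/PSH/URG probe
    ("syn-fin", SYN | FIN, SYN | FIN),                # open and close in one segment
    ("syn-rst", SYN | RST, SYN | RST),                # open and abort in one segment
    ("fin-scan", FIN | ACK, FIN),                     # FIN without ACK: no valid state
]


def classify_flags(flags):
    """Return the name of the rule that would drop this flag byte, or 'accept'."""
    for name, mask, comp in INVALID_FLAG_RULES:
        if flags & mask == comp:
            return name
    return "accept"


_FLAG_NAMES = [("FIN", FIN), ("SYN", SYN), ("RST", RST),
               ("PSH", PSH), ("ACK", ACK), ("URG", URG)]


def _flag_list(bits):
    """Render a bit set in the comma-separated form iptables expects."""
    if bits == ALL:
        return "ALL"
    if bits == 0:
        return "NONE"
    return ",".join(name for name, bit in _FLAG_NAMES if bits & bit)


def iptables_rules(chain="INPUT"):
    """Render INVALID_FLAG_RULES as iptables command lines (constructed here)."""
    return [
        f"iptables -A {chain} -p tcp --tcp-flags {_flag_list(mask)} {_flag_list(comp)} -j DROP"
        for _, mask, comp in INVALID_FLAG_RULES
    ]


# Constructed sample probes: (description, flag byte). Not captured traffic.
SAMPLE_PROBES = [
    ("NULL probe", 0),
    ("XMAS probe", FIN | PSH | URG),
    ("FIN probe", FIN),
    ("SYN scan probe", SYN),
    ("normal connect(2) handshake start", SYN),
    ("mid-connection data segment", PSH | ACK),
]


def filter_probes(probes=SAMPLE_PROBES):
    """Map each sample description to the verdict a flag-rule chain would give."""
    return {desc: classify_flags(flags) for desc, flags in probes}


if __name__ == "__main__":
    for rule in iptables_rules():
        print(rule)
    print()
    for desc, verdict in filter_probes().items():
        # The SYN scan probe and the legitimate handshake both print "accept":
        # a flag rule has nothing to go on, which is the point made above.
        print(f"{verdict:10s} {desc}")
```

The output makes the thread's point concrete: every malformed probe is dropped by one of the rendered rules, while the SYN scan probe and the genuine connection start receive the same verdict. Closing the port (or binding the daemon to 127.0.0.1, as the quoted reply suggests) is what stops a SYN or connect scan from finding a listener; the flag rules only remove the noisier probe types.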