Re: Firewalls: what's the use?

From: Joe (joe_at_jretrading.com)
Date: 12/13/03


Date: Sat, 13 Dec 2003 22:06:45 +0000

In message <c1f1e7b.0312131242.37e9538c@posting.google.com>, Gabriel
<en_hemlig_person@hotmail.com> writes
>Hi!
>
>This is my scenario: I'm running a 24/7 Apache web server with MySQL
>and PHP on Linux Red Hat 9.0. The only ports that I have opened are 80
>(http) and 22 (ssh). From one of the web pages on the web server it is
>possible to send mail via a form but port 25 on my system only allows
>local connections and it is not possible to connect to it from the
>outside, just to send mail from the inside.
>
>Since it is a web server I obviously need to allow traffic from anyone
>to port 80. Now to my question: why do I need a firewall?
>
>If there are no open ports on my system there is nothing to hack? Am I
>wrong? I know that it is possible to attack the server through port 80
>with "disguised" data, but a firewall won't stop that anyway so why do
>I need one? I guess it could be useful to restrict SSH-access only to
>one or two IP numbers but it seems like overkill to implement a
>firewall just because of that.
>
>Forgive my stupidity and please tell me why I need a firewall.
>
>Thank you for reading my post. I appreciate all the help I can get
>very much.
>
ICMP, which does not use ports? A firewall is the simplest way to
control the types of ICMP message sent and received.

Prevention and/or logging of 'illegal' TCP messages used for probing
your system? A 'port' is only a number in the IP message, not a physical
object. A TCP or UDP message to a port which is not 'open' still
traverses parts of your system software and can be used to acquire
information about your machine which may help in a determined port 80 or
port 22 attack.

-- 
Joe
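
The two points in the reply above, as an added example that is not part of the original post: a small classifier that reads raw IPv4 packets, shows that ICMP carries a type but no port, and logs TCP segments with flag combinations no legitimate stack sends, even when they target an open port. The ICMP allow-list, the helper names and the sample packets are assumptions constructed for illustration.

```python
import struct

ALLOWED_ICMP_TYPES = {0, 3, 8, 11}   # assumed policy: echo reply/request, unreachable, time exceeded
OPEN_TCP_PORTS = {22, 80}            # the two ports named in the quoted question
FIN, SYN, PSH, URG = 0x01, 0x02, 0x08, 0x20

def classify(packet: bytes) -> str:
    """Return a firewall-style verdict for one raw IPv4 packet (checksums not verified)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop: not IPv4"
    ihl = (packet[0] & 0x0F) * 4      # IP header length in bytes
    proto, body = packet[9], packet[ihl:]
    if proto == 1:                    # ICMP has a type and code, but no port field
        if len(body) < 8:
            return "drop: truncated ICMP"
        if body[0] in ALLOWED_ICMP_TYPES:
            return f"accept: ICMP type {body[0]}"
        return f"log+drop: ICMP type {body[0]}"
    if proto == 6:                    # TCP: the "port" is a 16-bit number at offset 2
        if len(body) < 20:
            return "drop: truncated TCP"
        dport = struct.unpack("!H", body[2:4])[0]
        flags = body[13] & 0x3F
        xmas = (flags & (FIN | PSH | URG)) == (FIN | PSH | URG)
        if flags == 0 or ((flags & SYN) and (flags & FIN)) or xmas:
            return f"log+drop: illegal TCP flags 0x{flags:02x} to port {dport}"
        if dport not in OPEN_TCP_PORTS:
            return f"log+drop: TCP to closed port {dport}"
        return f"accept: TCP to port {dport}"
    return f"drop: protocol {proto}"

def ip(proto: int, body: bytes) -> bytes:
    """Constructed IPv4 header (documentation addresses, zero checksum) plus body."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + body

def tcp(dport: int, flags: int) -> bytes:
    return struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, flags, 1024, 0, 0)

def icmp(icmp_type: int) -> bytes:
    return struct.pack("!BBHI", icmp_type, 0, 0, 0)

# Constructed sample traffic, not captured from any real host.
SAMPLES = [ip(6, tcp(80, SYN)), ip(6, tcp(80, 0)), ip(6, tcp(22, SYN | FIN)),
           ip(6, tcp(3306, SYN)), ip(1, icmp(8)), ip(1, icmp(13))]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
```
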

