Re: Firewalls: what's the use?
From: Gabriel (en_hemlig_person_at_hotmail.com)
Date: 14 Dec 2003 04:04:50 -0800
?Žik <> wrote in message news:<firstname.lastname@example.org>...
> On 13 Dec 2003 12:42:41 -0800, the right honourable
> email@example.com (Gabriel) wrote:
> >This is my scenario: I'm running a 24/7 Apache web server with MySQL
> >and PHP on Linux Red Hat 9.0. The only ports that I have opened are 80
> >(http) and 22 (ssh). From one of the web pages on the web server it is
> >possible to send mail via a form but port 25 on my system only allows
> >local connections and it is not possible to connect to it from the
> >outside, just to send mail from the inside.
> >Since it is a web server I obviously need to allow traffic from anyone
> >to port 80. Now to my question: why do I need a firewall?
> >If there are no open ports on my system there is nothing to hack? Am I
> >wrong? I know that it is possible to attack the server through port 80
> >with "disguised" data, but a firewall won't stop that anyway so why do
> >I need one? I guess it could be useful to restrict SSH-access only to
> >one or two IP numbers but it seems like overkill to implement a
> >firewall just because of that.
> >Forgive my stupidity and please tell me why I need a firewall.
> >Thank you for reading my post. I appreciate all the help I can get
> >very much.
> the big question to me seems to be:
> How sure are you ?
> Nobody has a modem on the local net ?
No. There are no modems on the local net. The server is a so-called
"dedicated server" and it is situated in a server room, which is an
old bank vault with walls that are 3 meters thick. I doubt that they
even have a phone line going in to that room.
> Nobody brings floppies/CDs in ?
Most certainly they do and with "they" I mean the server-room
administrators since they are the only ones allowed into the room and
therefore they are the only ones that can install the OS initially.
> is your box physically secure (nobody can get at its keyboard) ?
Both yes and no. See the previous answers. But I fully trust these
guys not to tamper with my server physically. It is a very
professional company and considered as one of the best in Sweden. Yes,
I know that I can't really trust anyone but in this case I think it is
the least of my problems.
> problem is not only keeping things out, but also keeping things in.
Thank you for your answers Erik. I appreciate it.