Re: Firewalls: what's the use?

From: Gabriel (en_hemlig_person_at_hotmail.com)
Date: 12/14/03


Date: 14 Dec 2003 04:04:50 -0800


Erik <> wrote in message news:<hb1ntvgkfhofb30r9ktutvub9nnagpt95b@4ax.com>...
> On 13 Dec 2003 12:42:41 -0800, the right honourable
> en_hemlig_person@hotmail.com (Gabriel) wrote:
>
> >Hi!
> >
> >This is my scenario: I'm running a 24/7 Apache web server with MySQL
> >and PHP on Linux Red Hat 9.0. The only ports that I have opened are 80
> >(http) and 22 (ssh). From one of the web pages on the web server it is
> >possible to send mail via a form but port 25 on my system only allows
> >local connections and it is not possible to connect to it from the
> >outside, just to send mail from the inside.
> >
> >Since it is a web server I obviously need to allow traffic from anyone
> >to port 80. Now to my question: why do I need a firewall?
> >
> >If there are no open ports on my system there is nothing to hack? Am I
> >wrong? I know that it is possible to attack the server through port 80
> >with "disguised" data, but a firewall won't stop that anyway so why do
> >I need one? I guess it could be useful to restrict SSH-access only to
> >one or two IP numbers but it seems like overkill to implement a
> >firewall just because of that.
> >
> >Forgive my stupidity and please tell me why I need a firewall.
> >
> >Thank you for reading my post. I appreciate all the help I can get
> >very much.
> >
> >/Gabriel
>
> the big question to me seems to be:
> How sure are you ?
>
> Nobody has a modem on the local net ?
>

No. There are no modems on the local net. The server is a so-called
"dedicated server" and it is situated in a server room, which is an
old bank vault with walls that are 3 meters thick. I doubt that they
even have a phone line going in to that room.

> Nobody brings floppies/CDs in ?
>
Most certainly they do and with "they" I mean the server-room
administrators since they are the only ones allowed into the room and
therefore they are the only ones that can install the OS initially.

> is your box physically secure (nobody can get at its keyboard) ?
>
Both yes and no. See the previous answers. But I fully trust these
guys not to tamper with my server physically. It is a very
professional company and considered as one of the best in Sweden. Yes,
I know that I can't really trust anyone but in this case I think it is
the least of my problems.

> problem is not only keeping things out, but also keeping things in.
>
Correct.

Thank you for your answers Erik. I appreciate it.

/Gabriel.


