Re: Do I really need firewall? A newbie's question
From: Wolfgang Kueter (wolfgang_at_shconnect.de)
Date: Sun, 01 May 2005 13:18:09 +0200
> But for a newbie (like myself as well)
> - a good software firewall on the box
There is no such thing.
> a good virus scanner,
Yes, no, maybe.
> regular spyware scans
> common sense
> and a properly configured router will keep people away from my ip.
If you trust the NAT implementation ...
Unfortunately among all the snakeoil you recommended you forgot the most
important thing: Strict user and access rights.
> Now if you want to get technical, yes...people can walk through one of
> those little routers easily, and probably do it on a regular basis.
> why would someone who can blow through a router and compromise a box
> want to go through a regular computer users box? They would get bored
> after their second "adventure" and want to move on to bigger things or
> do something else.
The average home user machine, that today is often permanently connected to
the net makes quite an interesting target, that can be remotely controlled
by installed malware. These boxes form botnets that are for example used to
send out a lot of spam. Professional spamming has become quite a big
> I say no on the router firewall... mainly because it will give one more
> hoop for the information to jump through on its way out and back in...
> Not to mention something that the firewall a router is sporting is
> probably not the best thing that was ever done...
> Block the unused ports,
How would you do that? What tools to use for that?
> NAT properly,
Nothing more to be done than 'trust the implementation'.
> take care of the specific systems (computers, boxes, etc)
What does that mean?
> and hope you don't attract a hacker that can
> blow through security easily and you will be just fine.
Hope? What will you recommend next, daily prayers?
Here comes my list:
1. Set user and access rights as strict as possible.
2. Install only the absolute minimum of software that is required to get the
work with a certain box done.
3. Install security patches as soon as possible.
4. Do not use bloated software, better do not even install it.
5. Lock down the box, shut down all unwanted services.
6. Delete any attachments you receive via email from anybody.
7. Do not use insecure client software like IE and Outlook (Express).
8. Keep totally off from IRC and P2P networks.
9. Filter incoming and outgoing traffic with a suitable perimeter device.
10. Learn to understand log files.
11. Read security lists regularly.
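
An added example, not part of the original message: one way to check item 5 ("shut down all unwanted services") is to list which sockets on the box accept traffic from the network and compare them with the short list of services you actually want. The `netstat -an` output, the allowlist and the function names below are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -an` output (Windows column layout).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3021      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:68             *:*
  UDP    0.0.0.0:1900           *:*
  UDP    127.0.0.1:123          *:*
"""

def parse_listeners(netstat_text):
    """Return (proto, address, port) for every socket waiting for inbound traffic."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows do not (a bound UDP socket always receives).
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, _, port = local.rpartition(":")
        if port.isdigit():
            listeners.append((proto, host.strip("[]").split("%")[0], int(port)))
    return listeners

def is_loopback(host):
    """True when the socket is bound to 127.0.0.0/8 or ::1 and is unreachable from the network."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def unwanted_services(netstat_text, allowed):
    """Return sorted (proto, port) pairs reachable from the network but not in `allowed`."""
    exposed = {(proto, port) for proto, host, port in parse_listeners(netstat_text)
               if not is_loopback(host)}
    return sorted(exposed - set(allowed))

if __name__ == "__main__":
    # Assumed allowlist: this box only needs its DHCP client.
    for proto, port in unwanted_services(SAMPLE_NETSTAT, {("UDP", 68)}):
        print(f"{proto}/{port} is listening on a network-facing address: find its service and disable it")
```

Each pair it reports corresponds to a service to identify and switch off; once the list is empty there is nothing left listening for a packet filter on the same box to block.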