Re: Why must I use firewall ?

2003-06-24 Thread Bill Moran
Supote Leelasupphakorn wrote:
> Hi, all
>
>    So far, I know a firewall is a choice when I want
> to protect my boxes from crackers, but my question is:
> if I close the services I don't use (such as port 25
> for SMTP) so the crackers out there can't attack,
> what's the reason a "firewall" comes into play?
First off, you don't have to use a firewall.  It's your
machine, do whatever you want.

Hypothetical example: some jerk suddenly starts DoSing
your server (like SQL Slammer, or anything similar).  If
you already have a firewall set up, you can quickly and
easily add a rule to block the attacked port and reduce
the damage.

Example #2: employees are playing Internet games while
they should be working.  You can quickly add a rule to
prevent the game traffic from working.  You can even
do like I did for a client and add a cron job that allows
them to play games during lunch only.

Example #3: you want to keep an individual employee from
hogging all the network bandwidth.  Set up dummynet rules
to keep things flowing.

Even if you have no _need_ for a firewall, it can be
useful.  If you can't think of anything to block, I'd
just set it up with the "open" ruleset for now.  If the
time comes when you need to add a rule, you can do so in
just a minute or so, as opposed to configuring the whole
firewall.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
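Bill's three cases (an emergency block of an attacked port, a cron-toggled lunchtime allow for game traffic, and a dummynet bandwidth cap) as one FreeBSD ipfw(8) script. This is an added example, not code from the thread; the interface name, subnet, host address, game port and rule numbers are assumed placeholders, and setting IPFW=echo prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example (not from the thread): ipfw(8) helpers for Bill's three cases.
# Interface, subnet, host, ports and rule numbers are assumed placeholders.
# Set IPFW=echo to dry-run: the rules are printed instead of loaded.
IPFW="${IPFW:-/sbin/ipfw}"
EXT_IF="${EXT_IF:-fxp0}"          # assumed external interface
LAN="${LAN:-192.168.1.0/24}"      # assumed internal network (constructed)

fw() { "$IPFW" "$@"; }

# 1. Emergency block of an attacked port (SQL Slammer used UDP 1434).
#    Rule 100 sits in front of the "open" ruleset from /etc/rc.firewall,
#    so it matches first; lift it later with: ipfw delete 100
block_port() {                    # block_port <proto> <port>
    fw add 100 deny "$1" from any to any "$2" in via "$EXT_IF"
}

# 2. Game traffic (UDP 27015 is an assumed game port): rule 2000 normally
#    denies it; cron swaps the rule for an allow at lunch and back after.
games_allow() {
    fw delete 2000 2>/dev/null || true   # no-op if the rule is absent
    fw add 2000 allow udp from "$LAN" to any 27015
}
games_deny() {
    fw delete 2000 2>/dev/null || true
    fw add 2000 deny udp from "$LAN" to any 27015
}

# 3. dummynet (kernel option DUMMYNET or "kldload dummynet"): cap one
#    host's traffic to <kbit> Kbit/s in each direction through one pipe.
cap_host() {                      # cap_host <ip> <kbit>
    fw pipe 1 config bw "$2"Kbit/s
    fw add 3000 pipe 1 ip from "$1" to any out via "$EXT_IF"
    fw add 3001 pipe 1 ip from any to "$1" in via "$EXT_IF"
}

# Dispatcher so root's crontab can call this script, e.g. on weekdays:
#   0 12 * * 1-5 /usr/local/sbin/fw-games allow
#   0 13 * * 1-5 /usr/local/sbin/fw-games deny
case "${1:-}" in
    allow) games_allow ;;
    deny)  games_deny ;;
    block) block_port "$2" "$3" ;;      # fw-games block udp 1434
    cap)   cap_host "$2" "$3" ;;        # fw-games cap 192.168.1.50 256
esac
```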


RE: Why must I use firewall ?

2003-06-24 Thread Philip Payne
Hi,

> So far, I know a firewall is a choice when I want
> to protect my boxes from crackers, but my question is:
> if I close the services I don't use (such as port 25
> for SMTP) so the crackers out there can't attack,
> what's the reason a "firewall" comes into play?

From a general viewpoint, the more levels of security the better, i.e.
shutting down the service = good; shutting down the service + filtering out
unwanted traffic at the network edge (firewall) = better; shutting down the
service + filtering out the unwanted traffic (firewall) + observing internal
traffic for odd things (IDS) = even better.

Firewalls are generally positioned at network gateways, whereas servers are
generally within the network. This means carrying out security at the
firewall is much easier, as it is the focal point for all network traffic.

Firewalls generally have a much better logging ability; this is again helped
by their positioning in the network. Logging will be important in the
post-cracking examination of what went wrong.

More importantly, you shouldn't be thinking "Should I use a firewall?" you
should be thinking "what should my security model look like?"
Firewalls are only a security tool to be used in addition to correct
configuration of the server, security audits, IDS, penetration tests,
account/password management and business practices/procedures. 

However, any security procedure you put in place must be cost effective,
i.e. the cost of your security hardware/procedure/implementation must be
less than the cost of total destruction of your data and its replication in
a disaster recovery procedure (1 times, 2 times or 3 times... your choice as
to how often you think this will happen).

Hope those general comments help.

Phil.


Why must I use firewall ?

2003-06-24 Thread Supote Leelasupphakorn
Hi, all

   So far, I know a firewall is a choice when I want
to protect my boxes from crackers, but my question is:
if I close the services I don't use (such as port 25
for SMTP) so the crackers out there can't attack,
what's the reason a "firewall" comes into play?

Thanks in advance,

