Why you need a firewall
Chris Tresco
rardoe at rarcom.com
Thu Oct 24 15:24:17 EDT 2002
Sure there is... there are many ways.
Win2k has firewalling built into the thing... you have to reboot to
activate it. You can use something like BlackICE to lock down ports as
well... In Windows XP I think you can turn off smb for an interface...
and you might even be able to unbind all windows networking from an
interface in win2k as well as XP/9x, but I am not sur on that. I think
the main problem is the level of user knowledge of people running
windows (on average) as compared to those who run linux. I will agree
that Windows is generally less secure, but it doesn't necessarily have
to be if you know what you are doing.
On Thu, 2002-10-24 at 13:42, Derek Atkins wrote:
> Chris Tresco <rardoe at rarcom.com> writes:
>
> > You could argue the same for a Windows box... if maintained correctly ,
> > it doesn't need a firewall. But alas...
>
> No, there is just no way to secure SMB on a windows box, and frankly
> there is no way to know what apps are "autorun" on a windows box.
> I've heard of applications that install _AND RUN_ IIS for you,
> automatically! Which means you may not even know you're running it.
>
> That would/could never happen on Linux. There are secure file
> systems, secure network authentication systems, and service lockdown
> methodologies for Linux (and BSD, and Solaris, and...) which results
> in a MUCH more stable and secure operating environment.
>
> In general, firewalls only get in the way and reduce productivity.
> There are a _few_ cases where a minimal packet filter is useful.
>
> -derek
>
> > On Thu, 2002-10-24 at 12:29, Derek Atkins wrote:
> > > Yes, but the vast majority of those probes are against Windows..
> > > Yes, you need a firewall to protect the Internet from Windows (no,
> > > I do not look at it the other way around! ;)
> > >
> > > However, I still maintain that a properly-maintained Linux box does
> > > not need a firewall.
> > >
> > > -derek
> > >
> > > Chris Tresco <rardoe at rarcom.com> writes:
> > >
> > > > Something to add...
> > > >
> > > > A lot of users out there would be absoltely flabberghasted (sp?) at the
> > > > number of times per day my linux box acting as a router/firewall for my
> > > > ATT Broadband cable connection is probed or attacked. I run snort to
> > > > log these things... I honestly get at least 100 attack attempts and
> > > > probes per day.... it only takes one of these to work successfully for
> > > > someone to be compromised.
> > > >
> > > >
> > > >
> > > > On Thu, 2002-10-24 at 11:48, David Kramer wrote:
> > > > > I'm sure most of you heard that on Tuesday, the internet's root DNS servers
> > > > > were crippled by a Denial Of Service (DOS) attack, where the machines were
> > > > > flooded with endless garbage IP packets so the real DNS requests couldn't get
> > > > > through.
> > > > >
> > > > > What I recently learned, though, is this was really a Distributed Denial Of
> > > > > Service (DDOS) attack. That means that hackers hacked into hundreds of other
> > > > > peoples' home computers and then remotely commanded them all to attach the
> > > > > root DNS servers at the same time, probably without the owners' knowledge.
> > > > >
> > > > > What I'm trying to point out here is that it's easy to say "well, I don't have
> > > > > any important data on my machine hooked up to a cablemodem or DSL line, so I
> > > > > don't need a firewall", but that doesn't mean your machine can't be used by
> > > > > hackers to hurt others.
> > > > >
> > > > > -------------------------------------------------------------------
> > > > > DDDD David Kramer http://thekramers.net
> > > > > DK KD
> > > > > DKK D "Where's the kaboom? There was supposed to be an
> > > > > DK KD earth-shattering kaboom."
> > > > > DDDD - Marvin the Martian
> > > > > _______________________________________________
> > > > > Discuss mailing list
> > > > > Discuss at blu.org
> > > > > http://www.blu.org/mailman/listinfo/discuss
> > > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Discuss mailing list
> > > > Discuss at blu.org
> > > > http://www.blu.org/mailman/listinfo/discuss
> > >
> > > --
> > > Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > > Member, MIT Student Information Processing Board (SIPB)
> > > URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> > > warlord at MIT.EDU PGP key available
> > > _______________________________________________
> > > Discuss mailing list
> > > Discuss at blu.org
> > > http://www.blu.org/mailman/listinfo/discuss
> > >
> >
> >
> > _______________________________________________
> > Discuss mailing list
> > Discuss at blu.org
> > http://www.blu.org/mailman/listinfo/discuss
>
> --
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> warlord at MIT.EDU PGP key available
>
More information about the Discuss
mailing list