Linux in Government: Optimizing Desktop Performance, Part III | Linux Journal

Tony Arnold tony.arnold at manchester.ac.uk
Tue May 31 21:49:56 UTC 2005


Tom,

On Tue, 2005-05-31 at 14:19 -0500, Tom Adelstein wrote:

> Turning off iptables effectively kills the firewall. That's why I
> annotated it with the comment - if not running a firewall. 

Must have missed that comment in my eagerness to read the article!

> Someone out in either land (not Ethernet LAN) with a wireless connection
> ought to have their system hardened. I'm planning on discussing that
> pretty soon in one of the next installments. 

That should be interesting.

> If a user lives behind a well constructed firewall, would you feel
> satisfied if they didn't have a personal firewall?

It depends what else is behind the firewall!

In my environment, a large University, we have a firewall at the network
perimeter, but I still recommend use of a personal firewall on desktop
systems throughout the campus. This is because of mobile computing.
Users bring their laptops in and out of the firewall; they connect into
our network over dial-up lines from unsecured home PCs (a commercial
organisation would probably be more strict about this, but we are a
University!); viruses can get in via e-mail, or WEB downloads, so
desktops need to be protected at the desktop as best they can be. I'm
also currently advocating use of intrusion protection systems for
Windows-based systems.

Our firewall allows ssh connections in. Some of our break-ins have been
user name compromises on *nix boxes. Often it is default passwords for
standard accounts or just easily guessed passwords. Again, once in
behind the firewall, you need another level of protection.

Regards,
Tony.
-- 
Tony Arnold, IT Security Coordinator, University of Manchester,
Manchester Computing, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold



