Firewall

[Lee Braiden]

On Friday 04 November 2005 02:06, Ewan Mac Mahon wrote:
> Individual machine firewalls make sense on Windows because it runs a
> load of servers by default and ingress firewalling is the simplest way
> to cut them off from the net; also, Windows is suceptible to a lot of
> malware (in the broadest sense) and egress firewalling is useful to cut
> that off. Linux in general is not greatly plagued by malware and Ubuntu
> in particular runs no servers by default - what is it that you're trying
> to firewall?

Firewalls are always a good idea.  Even if your router has a good firewall, 
individual machines are best to have firewalls too.  Think of it as a way of 
setting high-level policy, of what's allowed to come in and out of the 
machine: if something screws up or gets misconfigured, or if someone (even a 
trusted employee) installs a rootkit, then you still have another layer of 
protection.  Also, firewalls are not foolproof.  Even if you have a 
firewalled router, it can be penetrated, in which case your secondary 
firewalls become pretty important.  Since they're likely to be differently 
configured or even running a different OS/firewall system from your router, 
you could can something like twice the protection from a second firewall, if 
you're careful about other related things like LAN traffic.  Also, in these 
days of wireless LANS etc., it's not wise to trust your LAN completely even 
if it is firewalled at the internet gateway.

It's not perfect by any means, but individual machines can be easily 
firewalled en masse, according to some policy, so it's well worth doing, I 
think.

As it turns out, Windows is the only major OS I know of that can't fully 
handle that, because its controls aren't fine-grained enough, and in some 
situations you can't run a firewall on a laptop that connects to an active 
directory domain.

-- 
Lee Braiden
http://www.DigitalUnleashed.com