Firewall Questions

Jay Ridgley jridgley2 at austin.rr.com
Tue Oct 7 10:01:58 UTC 2014


On 10/07/2014 04:38 AM, Christian Wolf wrote:
>
> Hello Jay,
>
> On 06.10.2014 at 21:27, Jay Ridgley wrote:
>> Folks,
>>
>> I have my wired network secured with ufw. However, I am wondering
>> about my laptop which is connected wirelessly via an access point. It
>> is, however, sometimes used in a more public setting. Correct me if I
>> am mistaken about it being safe on my wired network without ufw
>> running on it.
>
> You cannot say this generally. The question here is: What is safe?
>
> If you installed a rootkit (just an example) then it is unimportant
> which location you are in, as long as you have network access.
>
> From the practical perspective you will use the laptop with the access
> point connected to the LAN, right?
> So if the WiFi is secured (WPA or WPA2) you can (in my opinion) consider
> it as safe as the rest of the LAN.
> In fact, if someone broke your WiFi, your whole LAN would be exposed to
> this person, so it IS the same "security level".
>
>>
>> Should I run ufw on it as well?
> That depends. If you hardened the services and disabled unneeded
> services (which is quite some effort), no firewall should be needed
> because you do not offer any services to break in.
> If unsure, a firewall will give some redundancy against forgotten
> services. It will not help with kernel problems or similar things.
>
> Here again the question is: What level of security are you looking for
> and what public settings are you thinking of?
>
> Most of the time the problems are not incoming connections but outgoing
> connections originated by the person sitting 30cm in front of the monitor.
> The iptables based filtering rules (ufw uses iptables in the background)
> do only allow to filter on a port/host/protocol basis. It does not allow
> to filter any sort of content. The best filter is to think before
> downloading and installing wild things from the net.
>
>> If so, can I use the default configuration that is present on it? Will
>> there be a problem when it is running behind my home network as a
>> wireless device?
>>
> Unfortunately I have never used ufw. I use iptables directly. So I do
> not know what the default rules are. Sorry. But I am sure they serve as a
> good starting point.
>
> I hope I could help you even a bit.
> Christian
>

Thanks Christian,

Yes, the access point is connected to the LAN via my server system. The 
server system is headless and contains 3 NICs (TWC Router, Access Point, 
and Local LAN).

I think you have answered my questions, I will try running ufw on the
laptop and see if I have problems.

Cheers,
Jay
-- 
Jay Ridgley
jridgley2 at austin.rr.com
Registered Linux User ID - 9115
https://linuxcounter.net/cert/9115.png
Registered Ubuntu User ID - 23320
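
The reply above notes that a firewall gives redundancy against forgotten services. The following is an added example, not part of the original thread, that lists the TCP listeners on a machine that are reachable from other hosts, which is what a default-deny inbound policy would be covering for. The function name `exposed_listeners` is hypothetical and the `ss -tln` output in `SAMPLE` is constructed.

```shell
#!/bin/sh
# exposed_listeners (hypothetical name): read `ss -tln` output on stdin and
# print "address port" for every TCP listener NOT bound to loopback only.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        addr = $4                      # Local Address:Port column
        port = addr; sub(/.*:/, "", port)
        host = substr(addr, 1, length(addr) - length(port) - 1)
        sub(/%.*/, "", host)           # drop interface scope, e.g. 127.0.0.53%lo
        sub(/^\[/, "", host)           # drop IPv6 brackets
        sub(/\]$/, "", host)
        if (host ~ /^127\./ || host == "::1") next   # loopback only: not exposed
        print host " " port
    }'
}

# Constructed sample of `ss -tln` output (not captured from a real system).
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      5          127.0.0.1:631       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      50                 *:445             *:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      5              [::1]:631          [::]:*'

# Services bound to a wildcard address are reachable from the network
# unless a firewall blocks them; loopback-bound ones are filtered out.
printf '%s\n' "$SAMPLE" | exposed_listeners
```

On a live system, run `ss -tln | exposed_listeners`; each line it prints is a service that either needs to be disabled, rebound to loopback, or covered by a firewall rule before the laptop is used on an untrusted network.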
