Talk:Firewalls
From iA wiki
I'll get into this more soon. -- LukeyBoy
Bah!!! If you have your computer set up properly you don't need a firewall. Home users do not need to be running any services, so there are only 2 things a firewall adds: a) a degree of protection against trojans/viruses dialing out, b) making people who don't understand how the internet works paranoid each time the firewall logs an "incident".
Hrmm... one other useful feature of a firewall, if you configure it right, is invisibility. Deny all incoming packets (i.e. respond to incoming packets with silence; don't respond with an RST), and drop all ICMP packets (see http://www.sys-security.com/html/projects/icmp.html for why you want to drop ICMP too). This way, some Joe doing a bulk scan of the net will not see your machine at all. Only sites that you have connected to first will know your IP and that someone is at that IP. (Again, this assumes you are not running any servers.)
If you are running servers, then be prepared (1) to a) be 0wn3d and/or b) be paranoid and spend lots of effort keeping up with bug reports, and maybe installing an IDS (Intrusion Detection System) which monitors traffic for particular attack signatures. If you must run a server, and it does not clash with what you want to do, run the server on a high port number where no one will ever scan (who has time to scan 65535 ports??). Pick a number between 1024 and 65535. The higher the better. And even if it is discovered, they will have to determine what service is running there too (i.e. they probably need to do a banner check).
(1) Have a backup system with preferably two types of data:
- (a) A backup of all your executables, and configuration files. This should only be done very occasionally. You don't want a hacker having a stealth backdoor in what you thought was a safe backup. And you don't want to restore executables that have known vulnerabilities. So there is an equilibrium that needs to be reached.
- (b) A backup of personal data and files, updated regularly. These are undoubtedly more important than (a), because it is relatively easy (or at least possible) to rebuild your system, but difficult, expensive, or impossible to reconstruct user data.
Then in the event of a hack, disconnect from the net. (You do not want to tip the hacker off that you have discovered them, as their first action will be rm -rf, or worse, secure deletion!) Wipe your machine clean (maybe take a forensic snapshot of the drive if you wish to analyse the hack), then install your executables and config files, followed by the personal data. I then suggest you temporarily shut down ALL servers (before connecting back to the net) until you have found the culprit vulnerability and have patched the hole. Then reconnect to the net, and hope you patched the right hole. Note that a honeypot project found that an unpatched machine can be compromised within 15 minutes of being connected to the net. In other words, there is a lot of malicious activity out there. Be warned, and be careful.
Bah!! Once again I put a whole heap of stuff in a /Talk that really belongs under its own link. Anyone care to do this? Thanks.
If I was motivated I could also add stuff here about:
- data-recovery services (i.e. depending on how big your pocket is, data is never lost)
- secure deletion (and Peter G(something)'s landmark paper) vs plain old rm
- link to the honeypot project homepage
- stuff about forensic analysis (that would be a huge amount of work though!!)
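To make the "silent, default-deny" configuration from the post above concrete, here is an added simulation (it is not code from this wiki or from any firewall project) of a stateful host filter. It shows what a bulk scanner observes under a DROP policy versus a REJECT-with-RST policy, and why replies to connections the host opened itself still get through. The `HostFilter` class, its `conntrack` set and the `host_visible_to_scanner` / `browsing_still_works` helpers are all my own names; the comments map each decision to the corresponding iptables rule, and the IP addresses are constructed documentation addresses.

```python
# Added example (not from the wiki page): a small simulation of the "silent,
# default-deny" host firewall described above, to show what a scanner sees
# under DROP versus REJECT and why replies to our own connections still work.
# IP addresses below are constructed documentation addresses (RFC 5737).
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int = 0      # source port (0 for icmp)
    dport: int = 0      # destination port (0 for icmp)
    flags: str = ""     # tcp flags, e.g. "S" for SYN, "SA" for SYN-ACK


class HostFilter:
    """Stateful filter for a host that runs no public services (hypothetical helper).

    policy="drop"   : unsolicited packets get no answer at all
                      (iptables: -P INPUT DROP)
    policy="reject" : unsolicited TCP is answered with a RST
                      (iptables: -A INPUT -p tcp -j REJECT --reject-with tcp-reset)
    """

    def __init__(self, my_ip: str, policy: str = "drop"):
        self.my_ip = my_ip
        self.policy = policy
        # Flows this host opened: (proto, peer_ip, peer_port, local_port).
        # This plays the role of netfilter's connection tracking table.
        self.conntrack: set = set()
        self.log: list = []

    def send(self, pkt: Packet) -> None:
        """Outbound packet: remember the flow so the peer's replies are accepted."""
        if pkt.src != self.my_ip:
            raise ValueError("send() is for packets originating here")
        self.conntrack.add((pkt.proto, pkt.dst, pkt.dport, pkt.sport))

    def receive(self, pkt: Packet) -> str:
        """Return what the sender observes: 'ACCEPT', 'RST' or 'DROP' (silence)."""
        if pkt.proto == "icmp":
            # iptables: -A INPUT -p icmp -j DROP   (the post's "drop all ICMP")
            self.log.append(("icmp-dropped", pkt.src))
            return "DROP"
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dport)
        if key in self.conntrack:
            # iptables: -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
            return "ACCEPT"
        self.log.append(("unsolicited", pkt.src, pkt.proto, pkt.dport))
        if self.policy == "reject" and pkt.proto == "tcp":
            return "RST"   # a closed-port answer proves a host lives at this IP
        return "DROP"      # default policy: silence, indistinguishable from no host


def host_visible_to_scanner(policy: str) -> bool:
    """Probe a few ports plus a ping and report whether anything came back."""
    host = HostFilter("192.0.2.10", policy)
    scanner = "203.0.113.9"
    probes = [Packet(scanner, host.my_ip, "tcp", 5555, port, "S") for port in (22, 80, 443, 31337)]
    probes.append(Packet(scanner, host.my_ip, "icmp"))
    return any(host.receive(p) != "DROP" for p in probes)


def browsing_still_works() -> str:
    """Our own outbound connection: the server's SYN-ACK is accepted as ESTABLISHED."""
    host = HostFilter("192.0.2.10", "drop")
    web = "198.51.100.5"
    host.send(Packet(host.my_ip, web, "tcp", 40000, 80, "S"))
    return host.receive(Packet(web, host.my_ip, "tcp", 80, 40000, "SA"))


if __name__ == "__main__":
    print("DROP policy, host visible to scanner?  ", host_visible_to_scanner("drop"))    # False
    print("REJECT policy, host visible to scanner?", host_visible_to_scanner("reject"))  # True
    print("Reply to our own HTTP request:         ", browsing_still_works())           # ACCEPT
```

Two practical notes on the real thing. The invisibility only covers unsolicited traffic: every site you connect to sees your address, exactly as the post says, and anything the firewall logs is your own record of who probed you. And dropping every ICMP type also silences "fragmentation needed" (type 3, code 4) messages, which breaks path MTU discovery for some paths; a common compromise is to keep the DROP default but allow that one message (and, if you like, echo-reply to hosts you pinged) through the ESTABLISHED,RELATED rule.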
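The post's worry in (a), that the "safe" backup of executables and configuration might itself carry something planted after the fact, is easiest to address by recording a hash manifest when the backup is made and checking it again before restoring. The following is an added example of that check, written for this page rather than taken from it or from any backup tool; `build_manifest`, `verify_manifest` and `demo` are my own names, and the files the demo hashes are constructed in a temporary directory.

```python
# Added example (not from the wiki page): a hash manifest for the "executables
# and configuration" backup tier described above. The manifest is built once,
# stored somewhere the host cannot rewrite (read-only media, another machine),
# and checked again before anything from the backup is restored, so a backup
# that was quietly altered in the meantime does not come back as "safe".
# The files used here are constructed in a temporary directory for the demo.
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX form) to its SHA-256 hex digest."""
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def verify_manifest(manifest: dict, root: Path) -> dict:
    """Compare the tree under root with a stored manifest.

    Returns {'modified': [...], 'missing': [...], 'added': [...]}; all three
    empty means the backup still matches what was recorded.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "added": sorted(p for p in current if p not in manifest),
    }


def demo() -> dict:
    """Record a small 'system' backup, alter it, and show what verification reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "login").write_bytes(b"original binary contents")
        (root / "etc" / "inetd.conf").write_text("# no services enabled\n")
        manifest = build_manifest(root)          # this copy would live off-host

        # Constructed changes made after the manifest was recorded:
        (root / "bin" / "login").write_bytes(b"original binary contents, altered")
        (root / "bin" / "extra").write_bytes(b"file that was never part of the backup")
        (root / "etc" / "inetd.conf").unlink()
        return verify_manifest(manifest, root)


if __name__ == "__main__":
    print(demo())
    # {'modified': ['bin/login'], 'missing': ['etc/inetd.conf'], 'added': ['bin/extra']}
```

The manifest is only as trustworthy as its storage: keep it (or a signature over it) on media the compromised machine could not have written to, otherwise whoever altered the backup could have altered the manifest to match. The same function run against the freshly rebuilt system, before it is reconnected, also tells you whether the restore put back exactly what you recorded.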
- Perhaps a central page named "The Sanctity Of Information" would be a good place to fork all of these sorts of topics from. Virii were recently written on, and these all have a security focus as well. I think it's all good stuff that this wiki would benefit from, although bringing it all back into a HOWTO of sorts feels difficult. At any rate, just providing skeletal links would be a decent start if you're stuck on the complexity of it all. -- rack
Similar to a Wiki Pros And Cons, have a Firewall Pros And Cons-type page? -- rack
Some resources appropriate to this topic:
- Linux Firewall And Security Site
- netfilter/iptables Homepage
- SINUX - firewall
- Floppy firewall - Replace your slow, buggy, and crash prone SyGate, WinGate, or Microsoft Internet Connection Sharing (ICS) system with fast, stable and FREE linux software!
- Hmm.. lots of floppy-based distros surrounding firewalling as well as connection sharing etc etc. Big topic. -- rack
- Uh, are there really any cons to using firewalls? It's better to be safer than necessary if you ask me. Like using condoms AND the pill :-) Sorry, I really couldn't resist that one. -- LukeyBoy
- Hmm.. well I suppose there could be discussion on the "why" of firewalls.. there are indeed problems when using firewalls, mainly for unlearned users.. file sharing and IMs bump into firewalls a lot. There is a latency issue for some people (although there shouldn't be). Maybe just branching off into a page discussing security and why firewalls are important would be nice. There are also DMZ concepts with firewall systems, with separate write-only logging systems etc. It's all interesting, but outside my knowledge. -- rack