On Friday 16 May 2008 07:39:27 pm lostson wrote:
> On Fri, 2008-05-16 at 19:09 -0700, Lee Glidewell wrote:
> > On Friday 16 May 2008 07:02:59 pm Paul Johnson wrote:
> > > On Friday 16 May 2008 07:01:38 pm lostson wrote:
> > > > My 2 cents a default firewall would be nice
> > >
> > > You mean like Windows has? How about not. Here's why:
> > > http://samspade.org/d/firewalls.html
> >
> > The money quote from that link:
> > "So... what does a 'personal firewall' actually do? Well, effectively it
> > listens on all the ports on your system. This provides no real additional
> > security over turning off the services that you don't use."
> >
> > The nature and purpose of a "firewall" seems to be greatly misunderstood.
> > Personally, I think security vendor hype is as much to blame as naivete.
> >
> > Lee
>
> So basically a firewall is useless ?
>
> LostSon

Well, no, I wouldn't go that far. I would say, however, that a generic, all-purpose software firewall isn't going to improve Debian's "out of the box" security. If you know what you're doing, on the other hand, packet filtering software is incredibly useful.

The point about the hardware firewalls boils down to two facts:

1) If you're serious about security, you should separate services. This means giving iptables its own box (e.g., a retail NAT router) rather than assigning a workstation to double-duty.

2) If you don't want to set up your own filtering rules, a retail NAT router is a better solution than an iptables configuration utility.

The bottom line, IMO, is that a "firewall" is only a set of rules. How useful it is can only be judged in light of the specific function of the computer it's protecting.

Lee