[Nottingham] Re: Social / website / Wireless Router - questions,
Martin
martin at ml1.co.uk
Tue Mar 22 21:34:49 GMT 2005
David Aldred wrote:
[---]
> I disabled firewalling on the main machine before starting!
>
> Practically, is there any point in having a firewall running on the machines
> 'this side' of the router, given the firewalling within the router itself?

Strangely enough... this is an 'argument' that I keep offering.

On a certain other very badly compromised OS, a firewall and virus
checker are essential. On a properly up to date Linux box not offering
services, a firewall is not needed. (And there are no wild viruses.)

My view is that the firewall is superfluous. However, it does provide
another layer of security against the 'unexpected' or whatever might be
misconfigured. The penalty is that the firewall is itself yet another
thing to configure...

[...]
> operation), I'd use the settings on the router to open the relevant port for
> a limited time only, as I always did with Shorewall.

Obscurity or a brief time window is no defence. There are enough script
kiddies to sneak into a vulnerable system in seconds.

If your passwords are not good enough to leave sshd running full time,
then use much longer passwords! Restrict which users can log in, and
don't use obvious names like guest or root.

(And do not use plain old telnet or ftp where the passwords are sent as
plain text!)

Good luck,
Martin
--
----------------
Martin Lomas
martin at ml1.co.uk
----------------
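
Added example, not part of the message above: a small Python check of an sshd_config for the login restrictions the reply recommends (limit which accounts may log in, avoid names like guest or root). `PermitRootLogin`, `AllowUsers` and `AllowGroups` are real OpenSSH directives; the list of obvious names, the sample configurations and the rule that an unset `PermitRootLogin` counts as a finding are assumptions made for the example.

```python
# Added example: audit the global section of an sshd_config (constructed samples).
OBVIOUS_NAMES = {"root", "guest", "admin", "test", "user"}  # assumed list

def parse_global(text):
    """Return {keyword: [args]} for directives before the first Match block."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        keyword = keyword.lower()          # sshd keywords are case-insensitive
        if keyword == "match":
            break                          # conditional overrides are not audited
        if keyword in ("allowusers", "allowgroups"):
            opts.setdefault(keyword, []).extend(args)   # repeated lines accumulate
        else:
            opts.setdefault(keyword, args)              # first value wins
    return opts

def audit(text):
    """Return a list of findings for the login restrictions discussed above."""
    opts = parse_global(text)
    findings = []
    root = (opts.get("permitrootlogin") or [""])[0].lower()
    if root != "no":
        findings.append("PermitRootLogin is not 'no'")
    users = opts.get("allowusers", [])
    if not users and not opts.get("allowgroups"):
        findings.append("no AllowUsers/AllowGroups: logins are not restricted by account")
    for pattern in users:
        name = pattern.split("@", 1)[0].lower()   # entries may be user@host
        if name in OBVIOUS_NAMES or "*" in name or "?" in name:
            findings.append(f"AllowUsers entry '{pattern}' is obvious or a wildcard")
    return findings

WEAK = """# constructed sample
PermitRootLogin yes
AllowUsers guest david
"""
HARDENED = """# constructed sample
PermitRootLogin no
AllowUsers nightjar42@192.168.1.*
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no findings")
```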