[Nottingham] Re: Social / website / Wireless Router - questions,

Martin martin at ml1.co.uk
Tue Mar 22 21:34:49 GMT 2005

David Aldred wrote:
> I disabled firewalling on the main machine before starting!
> Practically, is there any point in having a firewall running on the machines 
> 'this side' of the router, given the firewalling within the router itself?  

Strangely enough... this is an 'argument' that I keep offering.

On a certain other very badly compromised OS, a firewall and virus 
checker are essential. On a properly up to date Linux box not offering 
services, a firewall is not needed. (And there are no wild viruses.)

My view is that the firewall is superfluous. However, it does provide 
another layer of security against the 'unexpected' or whatever might be 
misconfigured. The penalty is that the firewall is itself yet another 
thing to configure...

> operation), I'd use the settings on the router to open the relevant port for 
> a limited time only, as I always did with Shorewall. 

Obscurity or a brief time window is no defence. There are enough script 
kiddies to sneak into a vulnerable system in seconds.

If your passwords are not good enough to leave sshd running full time, 
then use much longer passwords! Restrict which users can log in, and 
don't use obvious names like guest or root.

(And do not use plain old telnet or ftp where the passwords are sent as 
plain text!)

Good luck,
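
An added example, not part of the original message: a small audit of sshd_config text against the advice above (restrict which users can log in, and keep obvious names such as guest or root out). The sample configs and the account name alice_k3 are constructed, and only the global section before any Match block is checked.

```python
OBVIOUS_NAMES = {"root", "guest"}  # the two names the message calls out

def parse_global(text):
    """Collect keyword -> arguments from the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if key == "match":
            break  # Match blocks are conditional overrides; not audited here
        if key in ("allowusers", "allowgroups"):
            settings.setdefault(key, []).extend(args)  # these lists accumulate
        else:
            settings.setdefault(key, args)  # sshd keeps the first value it reads
    return settings

def audit(text):
    """Return a list of findings; an empty list means the checks passed."""
    s = parse_global(text)
    findings = []
    if (s.get("permitrootlogin") or [""])[0].lower() != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    allowed = s.get("allowusers", [])
    if not allowed and not s.get("allowgroups"):
        findings.append("no AllowUsers/AllowGroups: every account may attempt login")
    for pattern in allowed:
        user = pattern.split("@", 1)[0]  # AllowUsers accepts USER@HOST patterns
        if user.lower() in OBVIOUS_NAMES:
            findings.append(f"AllowUsers permits obvious account name '{user}'")
    return findings

# Constructed sample: root login enabled and a guessable account allowed.
WEAK = """\
Port 22
PermitRootLogin yes
AllowUsers guest alice_k3
"""

# Constructed sample: root refused, one non-obvious account, LAN hosts only.
HARDENED = """\
PermitRootLogin no
AllowUsers alice_k3@192.168.1.*
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```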

