Solved

do i still need a firewall

Posted on 1998-12-14
5
206 Views
Last Modified: 2010-03-18
I'm studying in University of St. La Salle, i am currently
studying in advance how to setup a server.  I don't know anything about networking or linux but i want to learn, so bear with me if my question is stupid :). I'm just wondering if i still need to install a firewall to my
mini server (my computer, installed with a linux. it has an ethernet card connected to a hub with 2 modems connected to each slot. I am connected to a the internet).
When someone connects to one of the modem, do they still need to log in ? or are they automatically connected to the dialup network and to the internet? well, i want them to login first, i don't want any stranger wondering around my connections....do i still need the firewall?? in my understanding firewall are suppose to protect my modems from unauthorize entry..by requiring user to login.

0
Comment
Question by:misguided
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:JBURGHARDT
ID: 1587889
NO, If you like to learn more about firewall try www.linux.org support HOWTO Firewall proxy server
0
 
LVL 1

Expert Comment

by:zblaxell
ID: 1587890
Whether you need a firewall or not depends on the security policy determined by your site's security administrator.  If your site doesn't have a security administrator or a documented security policy (and since you're at a university I assume it has a fairly liberal one if any), or if your site's official policy states that no firewalls are needed, then you probably don't need a firewall.  The problem is that you are creating a new network access point (through your modems onto the ethernet hub).  Most campus networks have some kind of policy about that (either for or against) and some sites (especially corporate ones) have fairly severe consequences for failing to abide by security policy (i.e. you can get fired).  Find out what kind of policy applies to you.

It is possible to configure the Linux networking subsystem to perform many of the functions of a firewall; however, if it is possible to log into the Linux server then it usually also possible to subvert the security of the Linux server (especially if the server has unnecessary software installed) and from there disable the firewall in the Linux kernel.  For this reason a separate piece of hardware (either another Linux box with all unnecessary software removed, or a dedicated commercial security product) might be required.  However, this is fairly extreme security and might be more than you'll ever need.

You might also want a firewall to prevent the Internet from having access to your machine--academic sites are well known for having less than total security and a higher number of people who know how to exploit security problems than the general population.

For any machine connected to the Internet, remember that security vulnerabilities more than six months old are routinely exploited using widely available automated searching tools.  If you have a Linux system that has not been updated in eight months or more, then you are probably vulnerable to a number of automated network attacks that grant root access to your machine to anyone who knows how to download and run software from the Internet.  See http://www.rootshell.org/ for examples.

What happens when someone connects to the modem depends on how you are set up to answer data calls.  If you're using mgetty then the /etc/mgetty+sendfax directory contains configuration files that determine how calls are handled.  mgetty can be configured to give the user the usual 'login' prompt, or it can simply hand the connection over to pppd and you can use PAP authentication within pppd itself for usernames and passwords.
0
 

Author Comment

by:misguided
ID: 1587891
my point is do i really need one or is linux secure enough??
thanx..:) (i just want minimal security).
0
 
LVL 5

Expert Comment

by:JBURGHARDT
ID: 1587892
If you are using win95 or win98 do you have firewall on it?  
Linux is more secure than windows and if you logon on it as normal user not root then you will be fine. If you use this your computer as webserver you will want to have  firewall
0
 
LVL 1

Accepted Solution

by:
zblaxell earned 20 total points
ID: 1587893
If you want minimal security then you don't need a firewall.

If your system is set up correctly, the only thing a modem user will be able to do is use PPP to reach other systems.  A firewall will therefore have almost zero security impact on your system, but an impact on other systems on the same network.  If you don't consider this a problem then you just don't need a firewall.

The only thing a firewall can do is limit the modems' access to the network your machine is connected to once the modem has connected.  If you don't want to do that, then a firewall is much less useful.  They can still do cool things like IP address mapping or boring things like count the total number of network bytes sent or received though.

Note that having a firewall does not make your system "secure" -- there are dozens of ways to attack a Linux system even with a firewall:  bad (easy-to-guess) passwords, unnecessary servers, and out-of-date Linux revisions will all let intruders into your system whether you have a firewall or not.

Linux is probably secure enough for your purposes if you keep up to date with the updates on "updates.redhat.com".  Red Hat usually delivers security fixes 24 hours after they are found.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now