linux firewall

Posted on 2014-08-06
Last Modified: 2014-08-06
I have another question open about the firewall in Windows 7, and someone responded with an article that describes the fact that blocking outbound connections is just "security theater", meaning that all outbound connections are allowed unless specifically denied. But even if the outbound connection is denied, the guy who wrote the article said that a virus or malware would just take over an existing outbound connection and use it.

I thought the best practice was to block everything (inbound and outbound) and then allow things as needed. But from reading this article I started wondering if this is just a Windows thing, and maybe Linux is different. I'm a fan of Linux, but I have to live in a Windows world. Being a fan of Linux, I have seen several times that Linux is inherently more secure than Windows. Is that true? And if so, is the firewall better, in that if you block an outbound connection, it will be blocked and not be "security theater"?
Question by: JeffBeall
    LVL 12

    Accepted Solution

On your outbound firewall question, I think the general consensus is it's usually more headache than it's worth.
Yes, it's more secure, but normally if you are hijacked, it's going to be on a port you have already allowed out anyway (80, 25, etc.).
The same rules apply to any OS or security device. There are many more exploits for Windows, this is true, so just by the numbers, there are fewer exploits for native Linux. "Native" because when you start adding apps like WordPress, etc., that are open to the world, you also open up all the exploits of that particular package to your system. OpenSSL recently had the "Heartbleed" issue. Generally, the more popular the package, the more it's targeted.

True viruses/malware on Linux are almost non-existent. The reasons for this are twofold: first, it's just much more secure in design from the ground up. Second, most Linux users are a more savvy lot than your average Windows user.
Windows is very heavily targeted, for instance, with the many novice users clicking away, and with the saturation of social media sites with tons of back-and-forth sharing, it's an environment ripe for an awaiting disaster.

Now, as for the Windows 7/8 OS firewalls within the system, it's probably better to have that on and make exceptions as the client needs. It's not as intrusive as trying to allow all the correct outbound ports on an edge firewall. It can be honed a bit to the user's browsing practices and access needs.

If, on the other hand, you have a system with, say, heavy PCI/HIPAA concerns, then "block all in/out and allow exceptions as needed" is the best rule of thumb.

The answer really depends on the individual system, and what its cost is in terms of attention vs. time vs. data value. If you are really granular with users' desktops, you can expect a lot of calls and issues. But, on the other hand, "sensitive" systems require more inherent security, as the real cost of a breach in, say, customer data is something you don't want to be forced to quantify. It can sometimes literally be the downfall of a company. Or, at the very least, a huge black eye. (Target, we're looking at you...)

Hope that helps.
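The "block all in/out and allow exceptions as needed" rule of thumb from the answer above, written out for Linux as an added example (this script is not from the thread or from any of its participants). It emits a default-deny iptables ruleset in iptables-restore format: both the INPUT and OUTPUT policies are DROP, so on Linux a connection that does not match an explicit ACCEPT rule really is dropped, not merely logged. The allowed outbound ports (80/443 TCP, 53/123 UDP) and the optional MTA account name are assumptions chosen for illustration; adjust them to the host. It also shows the limitation the answer points out: anything that talks on an allowed port, such as 443, still gets out, so the optional owner-match rule narrows one port to one service account.

```shell
#!/bin/sh
# Added example, not part of the original thread. Generates a default-deny
# IPv4 iptables ruleset for a single Linux host. Values below are assumptions.
# Print the ruleset:           sh firewall.sh
# Apply it (requires root):    sh firewall.sh --apply

ALLOWED_OUT_TCP="${ALLOWED_OUT_TCP:-80 443}"   # assumed: web browsing only
ALLOWED_OUT_UDP="${ALLOWED_OUT_UDP:-53 123}"   # assumed: DNS and NTP
MTA_USER="${MTA_USER:-}"                       # assumed: set to e.g. "postfix" to allow SMTP for that uid only

# build_rules: write an iptables-restore ruleset to stdout.
build_rules() {
  printf '%s\n' '*filter'
  # Default policies: drop everything in both directions unless a rule says otherwise.
  printf '%s\n' ':INPUT DROP [0:0]'
  printf '%s\n' ':FORWARD DROP [0:0]'
  printf '%s\n' ':OUTPUT DROP [0:0]'
  # Loopback, plus replies to connections this host already accepted or initiated.
  printf '%s\n' '-A INPUT -i lo -j ACCEPT'
  printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
  printf '%s\n' '-A OUTPUT -o lo -j ACCEPT'
  printf '%s\n' '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  # Explicit outbound exceptions, matched on NEW state so every fresh flow must hit one.
  # Caveat from the thread: any process on the box may use these ports, so malware
  # speaking HTTPS passes exactly like the browser does.
  for p in $ALLOWED_OUT_TCP; do
    printf '%s\n' "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  for p in $ALLOWED_OUT_UDP; do
    printf '%s\n' "-A OUTPUT -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  # Owner match: one way to tie a port to a service account rather than to "anyone".
  # Only emitted when MTA_USER is set, because iptables-restore fails on an unknown user.
  if [ -n "$MTA_USER" ]; then
    printf '%s\n' "-A OUTPUT -p tcp --dport 25 -m owner --uid-owner $MTA_USER -m conntrack --ctstate NEW -j ACCEPT"
  fi
  # Log drops (rate-limited) so the help-desk calls the answer warns about can be diagnosed,
  # then REJECT so local programs fail fast instead of hanging until timeout.
  printf '%s\n' '-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUT-DROP: "'
  printf '%s\n' '-A OUTPUT -j REJECT --reject-with icmp-admin-prohibited'
  printf '%s\n' 'COMMIT'
}

# apply_rules: validate with iptables-restore --test before committing the ruleset.
# Note: this covers IPv4 only; without a matching ip6tables ruleset, IPv6 traffic bypasses it.
apply_rules() {
  if [ "$(id -u)" -ne 0 ]; then
    echo "apply_rules: must run as root" >&2
    return 1
  fi
  build_rules | iptables-restore --test || return 1
  build_rules | iptables-restore
}

case "${1:-}" in
  --apply) apply_rules ;;
  *)       build_rules ;;
esac
```

Run it once without arguments and read the output before applying; the NEW-state rules are the complete list of what the host may initiate, which is the property the question was asking for.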
    LVL 1

    Author Closing Comment

Thank you, that was a very informative, descriptive answer.
I usually wait to see other comments, but I think your answer is everything I need to know.
