Linux firewall

I have another question open about the firewall in Windows 7, and someone responded with an article that describes the fact that blocking outbound connections is just "security theater", meaning that all outbound connections are allowed unless specifically denied. But even if the outbound connection is denied, the guy who wrote the article said that a virus or malware would just take over an existing outbound connection and use it instead.

I thought the best practice was to block everything (inbound and outbound) and then allow things as needed. But from reading this article I started wondering if this is just a Windows thing, and maybe Linux is different. I'm a fan of Linux, but I have to live in a Windows world. Being a fan of Linux, I have seen several times that Linux is inherently more secure than Windows. Is that true? And if so, is the firewall better, in that if you block an outbound connection, it will be blocked and not be "security theater"?
JeffBeall asked:

Kent W, Sr. Network / Systems Admin, commented:
On your outbound firewall question, I think the general consensus is it's usually more headache than it's worth.
Yes, it's more secure, but normally if you are hijacked, it's going to be on a port you have already allowed out anyway (80, 25, etc.).
The same rules apply to any OS or security device. There are many more exploits for Windows, this is true, so just by the numbers, there are fewer exploits for native Linux. "Native" because when you start adding apps like WordPress, etc., that are open to the world, you also open up all the exploits of that particular package to your system. OpenSSL recently had the "Heartbleed" issue. Generally, the more popular the package, the more it's targeted.

True viruses / malware on Linux are almost non-existent. Reasons for this are twofold: first, it's just much more secure in design from the ground up. Second, most Linux users are a more savvy lot than your average Windows user.
Windows is very heavily targeted, for instance, with the many novice users clicking away, and with the saturation of social media sites with tons of back-and-forth sharing, it's an environment rich for an awaiting disaster.

Now, as for the Windows 7/8 OS firewalls within the system, it's probably better to have that on and make exceptions as the client needs. It's not as intrusive as trying to allow all the correct outbound ports for an edge firewall. It can be honed a bit to the user's browsing practices and access needs.

If, on the other hand, you have a system with, say, heavy PCI / HIPAA concerns, then block all in/out and allow exceptions as needed is the best rule of thumb.

The answer really depends on the individual system, and what its cost is in terms of attention vs. time vs. data value. If you are really granular with users' desktops, you can expect a lot of calls and issues. But, on the other hand, "sensitive" systems require more inherent security, as the real cost of a breach in, say, customer data, you don't want to be forced to quantify. It can sometimes literally be the downfall of a company. Or, at the very least, a huge black eye. (Target, we're looking at you..)

Hope that helps.
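The "block all in/out and allow exceptions as needed" approach from the answer above, written out as an nftables ruleset for a Linux host. This is an added example and not code from the thread or from any project; the port lists (SSH in; DNS and NTP out; HTTP/HTTPS out) and the uid 1000 are assumptions chosen for illustration. The optional `meta skuid` match on the output chain speaks to the "hijacked on a port you already allowed out" point: the outbound 80/443 allow is tied to one local user's sockets, so a process running under another account does not get a free ride on those ports. The script only prints the ruleset; loading it requires root and the `nft` binary.

```shell
#!/bin/sh
# Added example, not from the thread: generate a default-deny nftables ruleset
# (drop everything in and out, then allow exceptions) and print it to stdout.
# Assumptions (mine): a workstation that needs DNS and NTP out, HTTP/HTTPS out
# for one interactive user, and SSH in. Adjust the port lists to your host.

# gen_ruleset IN_TCP OUT_TCP OUT_UDP [UID]
#   IN_TCP  - space-separated TCP ports accepted inbound (new connections)
#   OUT_TCP - space-separated TCP ports allowed outbound
#   OUT_UDP - space-separated UDP ports allowed outbound
#   UID     - optional: restrict the outbound TCP allow to this local uid
gen_ruleset() {
    in_tcp=$(printf '%s' "$1" | tr ' ' ',')
    out_tcp=$(printf '%s' "$2" | tr ' ' ',')
    out_udp=$(printf '%s' "$3" | tr ' ' ',')
    # With a uid, only sockets owned by that user may open the outbound TCP
    # ports; a daemon or malware running as another account hits the drop.
    if [ -n "${4:-}" ]; then
        uid_match="meta skuid $4 "
    else
        uid_match=""
    fi
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        meta l4proto { icmp, ipv6-icmp } accept
        tcp dport { ${in_tcp} } ct state new accept
        counter log prefix "nft-drop-in: " drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept
        udp dport { ${out_udp} } ct state new accept
        ${uid_match}tcp dport { ${out_tcp} } ct state new accept
        counter log prefix "nft-drop-out: " drop
    }
}
EOF
}

# Count how many chains fall back to dropping, i.e. enforce the default deny.
drop_policy_count() {
    gen_ruleset "$@" | grep -c 'policy drop'
}

# Usage (as root): print, syntax-check with nft -c, then load.
#   sh firewall.sh print > /etc/nftables.conf
#   nft -c -f /etc/nftables.conf && nft -f /etc/nftables.conf
case "${1:-}" in
    print) gen_ruleset "22" "80 443" "53 123" 1000 ;;
esac
```

The logging rules at the end of each chain are what makes the policy auditable: a process that tries to reach a port outside the allow list shows up in the kernel log with the `nft-drop-out:` prefix, which is exactly the signal a blocked outbound rule is supposed to produce. DNS and NTP stay open to every uid because the resolver runs inside each process; tighten that further only once you know what on the host legitimately needs it.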
JeffBeall (author) commented:
Thank you, that was a very informative, descriptive answer.
I usually wait to see other comments, but I think your answer is everything I need to know.
Topic: Linux Security
Question has a verified solution.