

linux firewall

Posted on 2014-08-06
Medium Priority
Last Modified: 2014-08-06
I have another question open about the firewall in Windows 7, and someone responded with an article that describes the fact that blocking outbound connections is just "security theater", meaning that all outbound connections are allowed unless specifically denied. But even if the outbound connection is denied, the guy who wrote the article said that a virus or malware would just take over an existing outbound connection and use it.

I thought the best practice was to block everything (inbound and outbound) and then allow things as needed. But from reading this article I started wondering if this is just a Windows thing, and maybe Linux is different. I'm a fan of Linux, but I have to live in a Windows world. Being a fan of Linux, I have seen several times that Linux is inherently more secure than Windows. Is that true? And if so, is the firewall better, in that if you block an outbound connection, it will be blocked and not be "security theater"?
Question by:JeffBeall

Accepted Solution

Kent W earned 2000 total points
ID: 40244081
On your outbound firewall question, I think the general consensus is it's usually more headache than it's worth.
Yes, it's more secure, but normally if you are hijacked, it's going to be on a port you have already allowed out anyway (80, 25, etc.).
The same rules apply to any OS or security device. There are many more exploits for Windows, this is true, so just by the numbers, there are fewer exploits for native Linux. "Native" because when you start adding apps like WordPress, etc., that are open to the world, you also open up all the exploits of that particular package to your system. OpenSSL recently had the "Heartbleed" issue. Generally, the more popular the package, the more it's targeted.

True viruses / malware on Linux are almost non-existent. Reasons for this are twofold: first, it's just much more secure in design from the ground up. Second, most Linux users are a more savvy lot than your average Windows users.
Windows is very heavily targeted, for instance, with the many novice users clicking away, and with the saturation of social media sites with tons of back and forth sharing, it's an environment rich for an awaiting disaster.

Now, as for the Windows 7/8 OS firewalls within the system, it's probably better to have that on and make exceptions as the client needs. It's not as intrusive as trying to allow all the correct outbound ports for an edge firewall. It can be honed a bit to the user's browsing practices and access needs.

If, on the other hand, you have a system with, say, heavy PCI / HIPAA concerns, then block all in/out and allow exceptions as needed is the best rule of thumb.

The answer really depends on the individual system, and what its cost in terms of attention vs. time vs. data value is. If you are really granular with users' desktops, you can expect a lot of calls and issues. But, on the other hand, "sensitive" systems require more inherent security, as the real cost of a breach in, say, customer data, you don't want to be forced to quantify. It can sometimes literally be the downfall of a company. Or, at the very least, a huge black eye. (Target, we're looking at you..)

Hope that helps.
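A small model of the two egress policy styles contrasted in the answer above, added here as an illustration and not code from the thread or from any firewall product. It evaluates constructed outbound connections first-match against a default-allow list (a few ports denied) and a default-deny list (a few ports allowed), and renders the default-deny list as an nftables output chain. The rule lists, ports, table name and connection labels are all assumed sample data; the third connection models the case the answer raises, a program reusing a port that is already allowed out.

```python
"""Egress policy model: default-allow with denies vs default-deny with allows.

Added illustration for the thread above, not code from the original page.
Rules, ports and connection labels below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "drop"
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # destination port; None matches any port
    note: str = ""


@dataclass(frozen=True)
class Connection:
    proto: str
    dport: int
    label: str  # what opened it; only used for reporting


def evaluate(rules: List[Rule], conn: Connection, default: str) -> str:
    """First matching rule wins; the chain policy applies when nothing matches."""
    for rule in rules:
        if rule.proto != "any" and rule.proto != conn.proto:
            continue
        if rule.dport is not None and rule.dport != conn.dport:
            continue
        return rule.action
    return default


# Style 1 (constructed): everything out is allowed unless specifically denied.
DEFAULT_ALLOW_RULES = [Rule("drop", "tcp", 6667, "no IRC")]

# Style 2 (constructed): block everything, then allow what is needed.
DEFAULT_DENY_RULES = [
    Rule("accept", "tcp", 80, "http"),
    Rule("accept", "tcp", 443, "https"),
    Rule("accept", "udp", 53, "dns"),
    Rule("accept", "tcp", 25, "smtp"),
]

# Constructed sample connections: an explicitly denied port, an unusual port,
# and an unknown program reusing a port that is already allowed out.
SAMPLE_CONNECTIONS = [
    Connection("tcp", 6667, "chat client"),
    Connection("tcp", 4444, "unknown program, unusual port"),
    Connection("tcp", 80, "unknown program, reusing port 80"),
]


def compare(conn: Connection) -> Dict[str, str]:
    """Verdict of each policy style for one connection."""
    return {
        "default_allow": evaluate(DEFAULT_ALLOW_RULES, conn, "accept"),
        "default_deny": evaluate(DEFAULT_DENY_RULES, conn, "drop"),
    }


def to_nft(rules: List[Rule], policy: str, table: str = "egress") -> str:
    """Render a rule list as an nftables output chain in nft(8) syntax.

    Replies to flows already accepted pass via the conntrack rule, so the
    port rules only decide new outbound connections. The table name is an
    assumption; load the result with `nft -f <file>` on a real host.
    """
    lines = [
        f"table inet {table} {{",
        "    chain output {",
        f"        type filter hook output priority 0; policy {policy};",
        "        oif lo accept",
        "        ct state established,related accept",
    ]
    for r in rules:
        if r.proto != "any" and r.dport is not None:
            match = f"{r.proto} dport {r.dport} "
        elif r.proto != "any":
            match = f"meta l4proto {r.proto} "
        else:
            match = ""
        note = f' comment "{r.note}"' if r.note else ""
        lines.append(f"        {match}{r.action}{note}")
    lines += ["    }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    for c in SAMPLE_CONNECTIONS:
        print(f"{c.label:36} {compare(c)}")
    print(to_nft(DEFAULT_DENY_RULES, "drop"))
```

Running it shows the point made above: the connection on port 4444 is stopped only by the default-deny policy, while the one reusing port 80 is accepted by both, because a port-based egress rule cannot tell which program is behind the connection. Per-application control needs something beyond port filtering (owner/uid matching, an application firewall, or host-level process controls).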

Author Closing Comment

ID: 40244684
Thank you - that was a very informative, descriptive answer.
I usually wait to see other comments, but I think your answer is everything I need to know.
