[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: firewall

On Wed, Jul 4, 2012 at 2:15 AM, Ralf Mardorf <ralf.mardorf@alice-dsl.net> wrote:
> On Wed, 2012-07-04 at 11:19 +0800, lina wrote:
>> Hi,
>> I don't know which firewall (http://wiki.debian.org/Firewalls) I should choose.
>> Thanks ahead for recommendation, and it will be very nice if you tell
>> me why you recommend this one.
> To answer drily: Test them and report what firewall does protect you the
> best against no attacks. Linux for home usage was safe, is safe, will be
> safe. Yes, it's safe regarding to things I criticize. I don't criticize
> protection per se, I only worry about toooo much security for nothing.

I disagree. Its about defense in depth. Because what happens if you
get a piece of bad software that opens a vulnerability? And yes, that
could happen to a home Linux user as easily as a corporate one, since
they are using the same update mechanisms. In fact, I would posit that
a home user could be at *more* risk, since, in theory, a corporate
user would be limited in the amount and types of software
installed...Corporate server vs home workstation.

So a piece of bad software gets introduced into the repos. It could
happen...And having a firewall in place (an external firewall would
have the advantage of not being able to be turned off by said

So it comes down to where the line between "protection" and "too
much". Which means it comes down to the following two questions. "What
are you trying to protect?" and "Who are you trying to defend
against?" For a home user, the obvious answer, like with corporate
users is "your data." Consider what that data consists of. Personal
documents, banking information, pictures, etc, would all be valid
types of data. The types of data may be different, but the exercise of
protecting it would be the same as a corporate user.

Now as for the second question, who are you trying to defend against,
let's look at the windows world. You have people taking over boxes,
using them in botnets, stealing information, a whole niche market for
antivirus and antimalware products. IMHO, there are three things that
keep us from being in a similar situation. First, Linux users are
generally more savvy than Windows users (and less arrogant than Mac
users :) ); second, Linux has a higher bar for base security. Use of a
firewall, IDS, reading your logs only enhances that. But the fact that
the bar is higher doesn't mean its insurmountable. The third reason we
are not in the same boat as windows is that we have a much smaller
attack surface than Windows. Windows still has over 90% penetration on
the desktop, Therefore, they are the low hanging fruit.

This doesn't mean that we will never be in that boat, and only
vigilance will keep us out of it.

Just my 2 cents.

Reply to: