Security Basics mailing list archives
Re: Need Help Building Linux Based Firewall
From: Devdas Bhagat <dodobh () nettaxi com>
Date: Sat, 30 Nov 2002 02:00:35 +0530
On 28/11/02 09:23 +0530, phani () myrealbox com wrote: <snip>
2. What are the application/software required to be installed?

Again, if you are running a separate box as the firewall, then *no* app should be installed except for the firewall.
What about application proxies? SOCKS? I would definitely consider proxies as part of a firewall (OSI layer 7).

If you mean a firewall only as a stateful packet filter, then yes, no applications should be running there. But if you consider a firewall as a security system, then application layer proxies should be included too.

The best packet filter in the world will not protect your unpatched public Apache box from being exploited. OTOH, breaking into a patched Apache box is a different issue.

Security is a process. Defense must be in depth. ACLs on the edge routers to prevent RFC 1918 addresses from entering your network, egress filtering, SPFs to reduce noise close to the edge, application layer firewalls defending applications, secure code in the applications themselves, encrypted network communications, IDS, clued-up users...

The ultimate firewall, of course, is secure code, running on a physically secure machine, with level 8 security in place.

Firewalls as a bandage for bad code are a bad idea. Properly used to segment networks with varying security requirements, they can be useful.

Devdas Bhagat
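The first two layers named in the message above, an edge ACL that rejects RFC 1918 sources and egress filtering, written out as decision logic. This is an added example, not part of the original post; `SITE_PREFIX` is an assumed site prefix taken from the RFC 5737 documentation range, the sample packets are constructed, and the check for outside packets claiming a site address goes one step beyond what the message lists.

```python
"""Edge ACL sketch: RFC 1918 ingress filtering plus egress filtering."""
from ipaddress import ip_address, ip_network

# RFC 1918 private ranges; these must never arrive from the Internet side.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: the site's own routable prefix (RFC 5737 documentation range).
SITE_PREFIX = ip_network("203.0.113.0/24")


def is_rfc1918(addr):
    """True if addr falls inside any RFC 1918 private range."""
    return any(addr in net for net in RFC1918)


def edge_acl(direction, src, dst):
    """Return (action, reason) for a packet crossing the edge router.

    direction is "in" (Internet -> site) or "out" (site -> Internet).
    """
    src, dst = ip_address(src), ip_address(dst)
    if direction == "in":
        if is_rfc1918(src):
            return "drop", "RFC 1918 source from outside"
        if src in SITE_PREFIX:
            return "drop", "outside packet claims a site address"
        return "permit", "ingress ok"
    if direction == "out":
        # Egress filtering: only our own addresses may leave as sources.
        if src not in SITE_PREFIX:
            return "drop", "egress: source is not a site address"
        if is_rfc1918(dst):
            return "drop", "egress: RFC 1918 destination leaking out"
        return "permit", "egress ok"
    raise ValueError("direction must be 'in' or 'out'")


# Constructed sample packets: (direction, source, destination).
SAMPLES = [
    ("in", "198.51.100.7", "203.0.113.10"),
    ("in", "192.168.1.5", "203.0.113.10"),
    ("in", "172.32.0.1", "203.0.113.10"),   # just outside 172.16.0.0/12
    ("out", "203.0.113.10", "198.51.100.7"),
    ("out", "10.1.2.3", "198.51.100.7"),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", edge_acl(*pkt))
```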