
Re: [NTO] XP FIREWALL

  • Alan C
    Message 1 of 14 , Jan 13, 2008
      On Jan 13, 2008 6:52 AM, Gerard Huijing <inboxgen@...> wrote:

      > Alan C wrote:
      > >
      > > AFAIK the native Linux firewall does just what (the same as) the built in
      > > Win XP firewall does.
      > >
      >
      >
      > This remark re WinXP native firewall and Linux firewalls may be a bit
      > confusing, but maybe you mean something quite different than what the
      > message appears to say.
      >
      > The firewalls in the Linux distributions I know of come with a set of
      > preconfigured rules that regulate both incoming and outgoing traffic. In
      > other words, they are two-way firewalls and Windows' own firewall, in XP
      > at least, is not. This is the reason why I have immediately switched it off
      > and use a proper


      ?


      > (software) firewall instead, in my case Agnitum Outpost.


      What Linux distros are you referring to, since I know some distros that do not
      even ship with a firewall (one must provide their own firewall)?

      I use Slackware and Debian. And I maintain a CentOS 4.6 box for my friends.

      Ok, I should have limited my comment in my former post, more specifically to
      "Linux distros that I myself use" because what I said now absolutely
      applies.

      proper? I definitely agree with you on that one for Win XP but not for the
      Linux distros that I use.

      What's "proper" is what's needed according to the overall or bigger picture
      context.

      Perhaps you missed my point?

      My point was: if it's not even possible for something illegitimate to get
      installed -- then -- there will never ever be any illegitimate outbound
      requests therefore a "proper" firewall in this case is one with
      characteristics just like the native Win XP firewall since in this (Linux or
      *maybe* a tightened Windows system) case there is no need, not ever, to
      monitor for potential illegitimate as to the or any outbound requesting sort
      of apps

      IOW (due to the overall or bigger picture construct, I used the Linux (*distros
      that I use*) security model as an example) if there can't be, not even the
      possibility of illegitimate outbound then there's no need to monitor (using
      firewall) for something that cannot happen.

      Greater separation of user versus root or administrator. Run all the time
      as a "user".

      User is not privileged enough to install software nor alter any www related
      security things.

      User can't do anything but use. For anything else, root or administrator
      must be logged onto. (as in separate accounts to log onto, each of the
      mentioned separate account with drastically different in the way of
      privileges or the amount of power of what is allowed to do).

      So, once again, what sort of firewall is needed is dependent upon how tight
      or how loose you are, security wise, in the mentioned overall or bigger
      picture. That was the point that I was attempting to make.

      But my intention here is not to advocate that "thus and such requires the
      use of (whatever)"

      But, to me, (mainly, anyways, the intention or point that I attempt here to
      get across) that the concept of computer security that there are many many
      components or ingredients that can make for and which can also make for the
      lack of computer security. (a software) Firewall is *only one* of such
      components or ingredients.

      Even the built in Win XP firewall "monitors" outbound -- it does so for the
      purpose to only allow back in what had been initially requested from within
      -- oh, well, too bad if it was an "illegitimate outbound request that was
      initiated from within (no protection)"

      So, such built in XP firewall monitors outbound and inbound.

      So does your mentioned Agnitum.

      The difference is that the Agnitum also monitors for the potential of
      "illegitimate requests that are outbound requests that are initiated from
      within".

      --
      Alan.


    • Gerard Huijing
      Message 2 of 14 , Jan 13, 2008
        Alan C wrote:
        >
        >
        > What Linux distros are you referring to, since I know some distros that do not
        > even ship with a firewall (one must provide their own firewall)?
        >
        > I use Slackware and Debian. And I maintain a CentOS 4.6 box for my friends.

        Fedora, and openSUSE. I have used several other distributions in the
        past (ZenWalk, Vector among others)
        I will stick to the first two: they have a configuration file that
        regulates inbound and outbound traffic. It is configured on the basis
        of choices offered by the install program. ("Do you want this machine to
        provide ftp services?" etc.).

        If I tested my service ports after I had installed (which I always did),
        e.g. with Gibson Shields Up, the report would be with SUSE: all ports
        stealthed (DROP) except 113 (IDENT) which was closed (REJECT). ICMP echo
        requests from outside to the firewall were rejected. I could choose to
        stealth 113, and change the other rule (DROP the pings). I always did
        that too. Mine is a stand-alone PC and I had no problems (although the
        documentation says that changing these settings can have adverse effects).

        When you install SUSE or Fedora that configuration file (essentially a
        script for iptables) is also generated. On those grounds I would say
        that a firewall is in place to start off with.

        > proper? I definitely agree with you on that one for Win XP but not for the
        > Linux distros that I use.

        I used "proper" because I have read so many criticisms of the XP
        firewall saying exactly that: "Yes, indeed XP has its own firewall but
        it's not a *proper* one: it only monitors inbound".

        >
        > What's "proper" is what's needed according to the overall or bigger picture
        > context.

        I quite agree.

        > Even the built in Win XP firewall "monitors" outbound -- it does so for the
        > purpose to only allow back in what had been initially requested from within
        > -- oh, well, too bad if it was an "illegitimate outbound request that was
        > initiated from within (no protection)"

        Precisely! It's the unnoticed illegitimate ones I am worried about.
        Thank you for the more precise description of what is going on in XP
        firewall BTW.

        Your point was, very much in a nutshell: the situation WinXP plus native
        FW is comparable to Linux 'sec' with some essential qualifications
        regarding the whole implementation of the OS, which make Linux so much
        safer to start with.

        I quite agree, again. I know that the situation in ArchLinux or FreeBSD
        is like the one you have in mind. You have to install and configure your
        firewall yourself, from scratch.

        I quite enjoy trying to figure out iptables rules myself (after all I
        can only screw up my own PC), but I am also very happy that openSUSE and
        Fedora give me some safe settings to start off with.


        Cheers,
        Gerard





        --
        Gerard (E.G.P.) Huijing
        2312 ZD Leiden
        Netherlands
        inboxgen@...
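
Added example, not part of either poster's message: a toy Python model of the difference discussed in the two messages above, between a stateful firewall that filters only inbound traffic and a two-way firewall that also filters outbound requests, including the REJECT versus DROP answer on port 113. The class, application names and addresses are constructed for illustration, and matching outbound traffic on an application name is a simplifying assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Firewall:
    """Toy stateful packet filter; verdict names follow iptables targets."""
    # None = outbound traffic is not filtered (the inbound-only case).
    egress_allow: Optional[set] = None
    # (proto, dport) -> verdict for unsolicited inbound packets.
    inbound_rules: dict = field(default_factory=dict)
    default_in: str = "DROP"          # "stealth": no answer at all
    conntrack: set = field(default_factory=set)

    def outbound(self, app, proto, dst, dport, sport):
        # Two-way filtering: only listed (app, proto, dport) may leave.
        if self.egress_allow is not None and (app, proto, dport) not in self.egress_allow:
            return "DROP"
        # Remember the flow so its replies are recognised later.
        self.conntrack.add((proto, dst, dport, sport))
        return "ACCEPT"

    def inbound(self, proto, src, sport, dport):
        # Replies to a tracked outbound flow are always let back in.
        if (proto, src, sport, dport) in self.conntrack:
            return "ACCEPT"
        return self.inbound_rules.get((proto, dport), self.default_in)

def run_scenario(fw):
    """Constructed traffic: a browser, an unapproved program, two port probes."""
    return {
        "browser_out":   fw.outbound("browser", "tcp", "203.0.113.10", 80, 40001),
        "browser_reply": fw.inbound("tcp", "203.0.113.10", 80, 40001),
        "unknown_out":   fw.outbound("unknown-app", "tcp", "198.51.100.7", 8080, 40002),
        "unknown_reply": fw.inbound("tcp", "198.51.100.7", 8080, 40002),
        "probe_113":     fw.inbound("tcp", "192.0.2.50", 51000, 113),
        "probe_23":      fw.inbound("tcp", "192.0.2.50", 51001, 23),
    }

def compare():
    inbound_only = Firewall()
    two_way = Firewall(
        egress_allow={("browser", "tcp", 80), ("browser", "tcp", 443)},
        inbound_rules={("tcp", 113): "REJECT"},   # closed, not stealthed
    )
    return {"inbound-only": run_scenario(inbound_only),
            "two-way": run_scenario(two_way)}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

Both firewalls track outbound flows in order to admit replies; only the two-way one refuses the unapproved program's request before a flow is ever recorded.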
      • Alan C
        Message 3 of 14 , Jan 13, 2008
          On Jan 13, 2008 2:29 PM, Gerard Huijing <inboxgen@...> wrote:

          > Alan C wrote:
          > >
          > >
          > > What Linux distros are you referring to, since I know some distros that do not
          > > even ship with a firewall (one must provide their own firewall)?
          > >
          > > I use Slackware and Debian. And I maintain a CentOS 4.6 box for my friends.
          >
          > Fedora, and openSUSE. I have used several other distributions in the
          > past (ZenWalk, Vector among others)
          > I will stick to the first two: they have a configuration file that
          > regulates inbound and outbound traffic. It is configured on the basis
          > of choices offered by the install program. ("Do you want this machine to
          > provide ftp services?" etc.).


          Red Hat 8.0 was my first Linux. Then Red Hat 9.0. Then Fedora Core 1 and
          2.

          Then I tried Slackware 9.0 or 10.0. I liked it. But then I hated it. But
          then I liked it.

          It was all about how much Unix/Linux acclimated I was back then.

          Near 2001 'till now be near 7 years since I first began my Linux foray.

          Since Slackware 10.2, Slackware has been my first go to distro (it's
          Slackware 12.0 now) (I no longer have the hate periods -- it's now all "I
          like it").

          It's a very fun distro to customize to your own personal liking. (lots of
          community support for this distro). Once got (grasp) Slackware, am now
          acclimated to the Unix/Linux way.

          Slackware ships without a firewall. I use:

          http://www.slackware.com/~alien/efg/

          (rather powerful, loads many security related kernel modules).

          I also use:

          http://firehol.sourceforge.net/

          I once used a Debian package of that one on Debian.

          Debian is just for practice -- to keep me on my toes. I boot it only about
          20% of the time. Slack gets the other 80%.

          My friend's CentOS gives me some akin the direction of Fedora/Red Hat.
          After a while (no rush) I may put Debian or Slackware on my friend's box (so
          I don't have to scratch my head about CentOS things when I work on it).

          <snipped>

          > I quite enjoy trying to figure out iptables rules myself (after all I
          > can only screw up my own PC), but I am also very happy that openSUSE and
          > Fedora give me some safe settings to start off with.


          I stay away from iptables rules (never end up with enough time to dedicate
          to it so as to learn it). I'm thankful that many various configurator tools
          for the task exist.

          --
          Alan.

