Why must I use firewall ?
philip.payne at uk.mci.com
Tue Jun 24 05:47:25 PDT 2003
> So far, I known firewall is a choice when I want
> to protect my boxes from crackers but my question is
> if I closed the service I don't use (such as port 25
> for STMP) so the cracker out there can't attack,
> what's the reason "firewall" come to play ?
>From a general viewpoint the more levels of security the better. i.e.
shutting down the service=good, shutting down the service + filtering out
unwanted traffic at the network edge (firewall) = better, shutting down the
service + filtering out the unwanted traffic (firewall) + observing internal
traffic for odd things (IDS) = even better.
Firewalls are generally positioned at network gateways, where as servers are
generally within the network. This means carrying out security at the
firewall is much easier as it is the focal point for all network traffic.
Firewalls generally have a much better logging ability, this is again helped
by their positioning in the network. Logging will be important in the
post-cracking examination of what went wrong.
More importantly, you shouldn't be thinking "Should I use a firewall?" you
should be thinking "what should my security model look like?"
Firewalls are only a security tool to be used in addition to correct
configuration of the server, security audits, IDS, penetration tests,
account/password management and business practices/procedures.
However.... any security procedure you put in place must be cost effective
i.e. The cost of your security hardware/procedure/implementation must be
less than the cost of total destruction of your data and it's replication in
a disaster recovery procedure (1 times, 2 times or 3 times... your choice as
to how often you think this will happen).
Hope those general comments help.
More information about the freebsd-questions