What firewall do I need to install under Linux? - they ask

A friend of mine asked me this some time ago. In short, the links you need are here: http://en.wikipedia.org/wiki/Netfilter

As it was a phone call, I started the conversation by telling him that you don't necessarily need a firewall, or at least it's not a problem if you only have time to configure the system in a week or so. "Really?" - he gasped. In short, I told him, you can trust an Ubuntu system (okay, not the best example of this but that's what he had at hand :->) much more than what you had before. You see, he was accustomed to seeing malware take over his w. system in a matter of minutes and needing to re-install many times despite taking precautions (firewall, virus scanners, etc.) _and_ having an I.T. background.

He asked me how this could be true. I said it's simple. There exist many layers of protection that improve your security.

  • You can install software packages that are signed by a trusted third party (the distribution vendor).
  • Many have already installed and tested the same package before you. Some distributions offer staging areas which buffer packages for months (or even years) before releasing them into the stable pool.
  • Everyone is free to download and try the same, as packages are not hidden: they are browseable and searchable from your package manager.
  • The program source code of practically everything is available for you to review. And it's not only you who could do that, but also anyone else interested. So practically every bug or threat is "shallow" to so many eyes, especially if you factor in the buffer period.
  • Most software packages are licensed under a developer-friendly copyleft license that encourages collaboration. This attracts more programmers to both enhance and review the software.


As a last note on this topic, I have to caution that almost any practical software could have vulnerabilities that will only surface after widespread deployment. This can be especially aggravated by programming language choice. So please opt for layered and redundant security if you do plan to run any remotely mission-critical projects, and never blindly trust anything.

"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." - Gene Spafford, leading computer security expert and prof. of CS
