[Techtalk] Personal firewalls: helpful?
Gebhard Dettmar
gebhard.dettmar at student.hu-berlin.de
Mon Jun 6 21:00:19 EST 2005
On Monday 06 June 2005 11:25, Dan wrote:
> I've heard of Windows users running personal firewalls (i.e.,
> implemented in software). I don't have to worry about that because I
> don't run Windows, but I do wonder whether these personal firewalls do
> any good. Obviously they're not as good as a dedicated machine, but I
> assume they still provide some protection.
I have no idea about that
> Does anyone know what kind of attacks personal firewalls protect against
> (and what kind of attacks they don't)?
They protect you from attacks through open ports. They are useful but don't
always make sense.
well, first you have to find out, which ports are open. You have open ports
because of services that are listening on them (like smtp on port 25, ssh on
22 etc.) You can install a portscanner like nmap or google for portscans and
choose an internet site. I just did it on
http://www.heise.de/security/dienste/portscan/ (german site)
It tells me, on my machine ports 22 (ssh), 80 (http), 113 (auth) and 443
(https) are open. Now I have two choices: I ask myself if I want to offer
those services. As a private user this is very unlikely. So I disable them
and everything is fine. Second, I still let them run but close the ports via
Firewall. Since I don't want to offer them anyway, this is secure but doesn't
really make sense - if I disabled them, I wouldn't need a firewall anymore.
So a firewall is usefull if you want to offer services, close the ports and
define rules who is allowed to connect and who is not.
How to disable them depends on your distribution. I have debian and run
update-inetd --disable <service> or --remove <service> or do it manually by
en-/disabling entries in /etc/inetd.conf. There are also firewalls
like fwbuilder
In Windows disabling services is unfortunately not so easy. If you try to
disable one you will be told that this daemon depends on 100 other
daemons and after disabling them you have no internet-access anymore, your
system won't boot, your car will crash and your house will blow up ;-) So
everyone runs a personal firewall
HTH
Gebhard
More information about the Techtalk
mailing list