Page 4 of 6 FirstFirst ... 23456 LastLast
Results 31 to 40 of 53

Thread: Do I need a Firewall for Ubuntu?

  1. #31
    Join Date
    Feb 2012
    Beans
    Hidden!

    Re: Do I need a Firewall for Ubuntu?

    Quote Originally Posted by Dangertux View Post
    I am writing this because the previously posed question is asked consistently on this forum. I am hoping that I can create something of a generally accepted answer that contains all the necessary links to appropriate resources.


    So the question posed : Do I need a Firewall for Ubuntu?


    (...)

    Your post is very interesting, but you don't cover the case of an external firewall/router, which is the standard for any company seriously involved in security.

  2. #32
    Join Date
    Nov 2010
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Do I need a Firewall for Ubuntu?

    Quote Originally Posted by CivilizationII View Post
    Your post is very interesting, but you don't cover the case of an external firewall/router, which is the standard for any company seriously involved in security.

    He covers routers, look here:

    Quote Originally Posted by Dangertux View Post
    Well, I'm behind a NAT router so none of this is for me, right?


    Wrong again. A NAT router is a great addition to your security, but as I've been enforcing throughout this post, that there is no catch all solution.


    A NAT router will prevent a service from being bound and accessible from the Internet. That being said, it works a lot like strong inbound only rules as we discussed earlier in this post. It does not provide protection against methods like a reverse connection designed to bypass a firewall. Another important thing to note is that the NAT router's protection is not host based. So if another machine on the network with yours is compromised the NAT router will offer your machine no protection.


    When used in conjunction with the other topics we've discussed in this post a NAT router is an excellent hardening measure, however as a stand alone solution it is lacking in many ways.
    Idea #26902: Give users "global control" over applications' outgoing internet connections
    http://brainstorm.ubuntu.com/idea/26902

  3. #33
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Do I need a Firewall for Ubuntu?

    Quote Originally Posted by CivilizationII View Post
    Your post is very interesting, but you don't cover the case of an external firewall/router, which is the standard for any company seriously involved in security.
    Well -- this can become an extremely in depth discussion very quickly, but I'll try to hit the high points for you briefly. The first thing to understand about the original post is that this is meant for the use case of a home user or small - mid size company. Which by and large is the vast majority of use cases particularly as far as Ubuntu is concerned. In terms of large enterprises you are right, they do use external firewalls and routers, they also rarely use (only) host based firewalls. Another thing that is true of large enterprises is they RARELY use Ubuntu, the bottom line is it's just not stable enough yet for most production shops to put any serious thought into, and some of the larger scale enterprise tools aren't there yet. That , though is a discussion for a different thread.

    By and large if you're simply talking about standard firewalling and ACLs (not IPS, I'll get into that in a moment). You have to major factors to deal with when dealing with a large enterprise network. This is obviously taken from the perspective of an external attacker, so there may be limited if any internet facing systems. Which is where client side attacks come in, social engineering etc... In most cases if the methods discussed in the original post are carried out properly, IE a reverse shell, it will still bypass most corporate firewalls. NAT routing is NAT routing, and if the machine internal to the router has access out , an attacker can get a shell back. That being said, most CCNE's are rather clever (or so they think) and like to do things like IP whitelisting, and port whitelisting. Two things on that.

    - Most client side systems (not production systems unless it's something like a globally accessible webserver) will have access to the Internet, so pretty much every IP is fair game when it comes to whitelisting.

    - Ports... Okay, even if you block the obvious outbound on 7777 , you're not blocking (can't block) 53 UDP , and probably aren't blocking 53 TCP (zone transfers and large DNS requests).


    When you get more in depth and start talking about IPS you need to get more creating to bypass them. You start getting into things like encoding payloads to evade IDS/IPS and staged payloads. Most of these will effectively bypass even the best enterprise class IPS solutions if carried out properly (IE: your payload isn't signatured) now...If you toss back a reverse netcat or an unencoded meterpreter, you probably won't have a whole lot of success with a decent IPS. Though, some older appliances won't pick them up.

    Hopefully this helps, but by and large the basic principles in the original article will scale quite well to any size network, bearing in mind that you would be attacking an internet facing system or data management zone.

  4. #34
    Join Date
    Nov 2010
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Do I need a Firewall for Ubuntu?

    Quote Originally Posted by Dangertux View Post
    In terms of large enterprises you are right, they do use external firewalls and routers, they also rarely use (only) host based firewalls. Another thing that is true of large enterprises is they RARELY use Ubuntu, the bottom line is it's just not stable enough yet for most production shops to put any serious thought into, and some of the larger scale enterprise tools aren't there yet.
    Dangertux, do large enterprises use RHEL? Is RHEL stable enough for Enterprise use? I thought Ubuntu LTS was equivalent to RHEL in terms of stability. Is RHEL more stable than LTS?
    Idea #26902: Give users "global control" over applications' outgoing internet connections
    http://brainstorm.ubuntu.com/idea/26902

  5. #35
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Do I need a Firewall for Ubuntu?

    Quote Originally Posted by nrundy View Post
    Dangertux, do large enterprises use RHEL? Is RHEL stable enough for Enterprise use? I thought Ubuntu LTS was equivalent to RHEL in terms of stability. Is RHEL more stable than LTS?
    I work for a large corporation we use RHEL, AIX, and Solaris as well as Windows server.

    We dont use debian or Ubuntu . For a lot lf reasons. The main being that RHEL is the industry stabdard in terms of stability and support. Also bleeding edge distros like Ubuntu tend to be avoided in production shops.

    If you are interested in learning more about businesses that do use Ubuntu or Debian, I know that on the west coast they are becoming pretty popular with small to mid size
    companies.

    Hope this helps

  6. #36
    Join Date
    Nov 2010
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Do I need a Firewall for Ubuntu?

    Quote Originally Posted by Dangertux View Post
    yet for most production shops to put any serious thought into, and some of the larger scale enterprise tools aren't there yet.
    Does RHEL have "larger scale enterprise tools" that Ubuntu doesn't have? Or is RHEL used primarily just because it's super stable and is the industry standard? I'm assuming that tools available on Linux would be available to all the distros.

    Fedora is at 16 currently. Do you know what version number RHEL is at now if it was loosely compared to a Fedora version? Like is RHEL roughly equivalent to Fedora 10?
    Last edited by nrundy; February 18th, 2012 at 04:36 PM.
    Idea #26902: Give users "global control" over applications' outgoing internet connections
    http://brainstorm.ubuntu.com/idea/26902

  7. #37
    Join Date
    Feb 2008
    Location
    Land of fire and drought
    Beans
    Hidden!
    Distro
    Xubuntu

    Re: Do I need a Firewall for Ubuntu?

    Quote Originally Posted by Dangertux View Post
    Also bleeding edge distros like Ubuntu tend to be avoided in production shops.
    Even LTS releases? I understand where you're comin' from, Dangertux, but just curious about your thoughts. Know I'm a tad off track, but ...

    PS: Shame that Win is like a leaky bucket so RHEL and a million other things need to be there in the first place for big corps using both. Catch 22/28 I guess. The story is never ending, that I understand also ...
    Last edited by Bucky Ball; February 18th, 2012 at 05:10 PM.

  8. #38
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Do I need a Firewall for Ubuntu?

    To answer both questions RHEL does have some pretty spiffy tools for enterprises. things like kickstart, satellite server, red hat virtualization, tight integration of jboss etc.

    That being said, Ubuntu does have some similar tools. Landscape, tighter cobbler support in 12.04 etc. The LTS versions are more stable, but Ubuntu is the new kid on the block, and when corporations have been using RHEL for 8 or more years its going to be hard to push a conversion. You can make the finance argument but a few thousand dollars for RHEL entitlements is a drop in the bucket for companies like that

    As far as Windows goes it can be rather successful in a corporate environment and there is no better MTA than Exchange so you get kind of stuck there

    Hope thus helps

  9. #39
    Join Date
    May 2011
    Beans
    46

    Re: Do I need a Firewall for Ubuntu?

    Firewall on Ubuntu? No if you want to use it like normal user, Yes if you afraid of privacy very much.

  10. #40
    Join Date
    Nov 2010
    Location
    India
    Beans
    Hidden!

    Re: Do I need a Firewall for Ubuntu?

    well while coming to my opinion having Firewall is a best thing even though we are not a user who does sensitive things on the computer , because we are in web .
    Dont miss anything even it is small. one small pin is enough to bring down a man.


Page 4 of 6 FirstFirst ... 23456 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •