You yourself said:
Why is a firewall important on Windows? Because there also outgoing traffic needs to be filtered. All that spyware and stuff that gets installed among "legal" software. You don't have this in Linux...
You don't? Keystroke loggers and rootkits certainly qualify as "spyware and stuff", so it would seem Linux systems need the same kind of protection.
I'm not the only one who thinks so, and to support my argument, here's something from Ed Skoudis in Counter Hack Reloaded:
...it's very helpful to have a basic knowledge of the Linux and UNIX operating systems because they are so popular as target platforms and as operating systems from which to launch attacks. (emphasis mine)
Linux systems do get compromised, in a wide variety of ways, and I believe using a firewall of some kind is a prudent step toward securing a Linux machine.
If you don't want to use a firewall on your Linux system, by all means do as you please; but I see little point in continuing this discussion. Let's agree to disagree and keep trying to help other users as best we can.
Mark
I have a question related to the original post...
I recently upgraded from Gutsy to Hardy. In Gutsy I was using Firestarter with no problems, and the same seems to be true now in Hardy. Is there any reason that I should be using ufw instead (and if so, how)?
I'm going to do a fresh Hardy install on a new drive soon just to start over with an encrypted file system, so I also wonder if Firestarter will still be part of my installation in that case.
If it ain't listening, then there is simply nothing that would accept incoming connections, and hence: nothing to attack.
For most of them you'd already need to be "root" in the first place to install them, e.g. you'd need to exploit a server somehow. As non-root you could only hope to exploit a single user's stupidity by e.g. sending them scripts and programs they don't understand via e-mail and hope they will be daft enough to execute them. Maybe you get lucky and you hit the one account with "sudo" privileges. But all this talk of rootkits and keyloggers is highly exaggerated. As a home user you are highly unlikely to ever run across one of those things.
You're mixing apples and oranges here. Firewalls protect against network threats ... if you configure them right. Keyloggers? Root Kits? Different beasts altogether and firewalls don't protect against those.
That guy was clearly talking about servers IMHO ... Yes, badly maintained servers where no admin bothered to install any patches for way too long are popular targets. And they are far far more interesting. But again: A firewall is no cure against that. Take a DNS or a Mail server as example: Firewall or no firewall, but you have to let those services through anyway (what's the purpose of a mail server if you block the relevant ports with firewalls???). Chances are that on a badly maintained server where the lazy admin doesn't do a proper job you will encounter old and hackable versions of sendmail (= mail daemon) or bind (= DNS server daemon), and voila: You can be hacked. Firewall or no firewall.
This is extremely different from Windows where you have tons of highly unsafe, stupid and silly network protocols accepting connections from *anywhere* ... But typical Microsoft: Instead of shutting those silly services down or getting rid of them altogether they came up with this joke of "firewall" they ship with since XP .... and now everybody thinks that they absolutely "need" a firewall no matter what.
Trust me, things are very different here. If --different than Windows-- you are not running any network service whatsoever as is the case with Ubuntu "out of the box" you absolutely don't need any firewall whatsoever, for there simply is no protocol, no daemon, no service and no process a wannabe attacker could remotely connect to and hope to exploit.
Servers are a different story again: As soon as you dabble around with stuff such as SSH, Apache, SAMBA and other network services you have to think about these things, e.g. limit the range of IP addresses that may connect to your machine. Yes, that's what a firewall can be used for and where it indeed offers protection, e.g. shutting out those parts of the Internet you don't want to have any business with.
If you know what you do and why you do it, fine. Just don't do things because you are relying on false information that gives you a false sense of safety. See my examples above: Even with a firewall you might still be attackable depending on what you configured. Having a firewall is no guarantee whatsoever. As I said: Know what you do and why you do it and you will be fine.
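One way to check the "nothing listening" premise from the post above on a given machine, as an added example that is not part of the thread: it parses the kernel's `/proc/net/tcp` table and reports which listening sockets are bound to a non-loopback address. It assumes a little-endian host (x86/ARM) and covers IPv4 TCP only (`/proc/net/tcp6` and UDP are not read); the sample table is constructed.

```python
import ipaddress
import socket
import struct

TCP_LISTEN = 0x0A  # state code the kernel uses for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 0F02000A:9C40 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1
"""


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into ('a.b.c.d', port). Assumes little-endian host."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def listening_sockets(table):
    """Return (ip, port, exposed) for every socket in LISTEN state."""
    result = []
    for line in table.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue  # established, time-wait, etc. are not listeners
        ip, port = decode_addr(cols[1])
        # A loopback bind accepts local connections only; anything else
        # (including the 0.0.0.0 wildcard) is reachable from the network.
        exposed = not ipaddress.ip_address(ip).is_loopback
        result.append((ip, port, exposed))
    return result


def remotely_reachable(table):
    """Listeners a remote host could connect to if no firewall filters them."""
    return [(ip, port) for ip, port, exposed in listening_sockets(table) if exposed]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE_PROC_NET_TCP  # fall back to the constructed sample
    for ip, port in remotely_reachable(table):
        print(f"listening on {ip}:{port} (reachable from the network)")
```

An empty result means no IPv4 TCP service is accepting remote connections; any entry it prints is a service that either needs to be there or needs a firewall rule restricting who may reach it.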
The immediate thought is if it ain't broke don't fix it.
ufw and firestarter do the same job. They are both front ends for iptables. ufw uses a command line interface whereas firestarter uses a GUI (Graphical User Interface like GNOME or KDE). If you are getting on fine with firestarter then stick with it. Only play with ufw if you only have a command line interface.
All the best
vim Java PHP Perl and C a long time ago :/
ssh_user to ssh in then su to sudo_user. They have to guess 'name' and 'password' X 2 - sudo is good
Thanks for the reply. I actually decided to start fresh with a new Hardy installation (mostly because I wanted to encrypt the drive, and this gave me the opportunity to play around with some new software on my old installation without worrying that I might mess anything up). I installed Firestarter again and it (like pretty much everything else) is working perfectly and with no complications.