the nessessity of a firewall?
Page 1 of 5 123 ... LastLast
Results 1 to 10 of 47

Thread: the nessessity of a firewall?

  1. #1

    the nessessity of a firewall?

    Good morning,

    I would like to gather the opinions of people on this forums on a rather sticky subject. Firewalls for the common user. Let's get straight to the heart of the subject. I do not use one, nor have used one for a very long time. Why is this? Because in my eyes, if I close off all ports manually (this is in windows xp pro) then the access to crack my system is detered because there is no way into the system. If no services are running, then obviously they can not get in. Sure, they may know I am on there because they can ping me. Sure they may learn I am running Windows XP Pro. But what good will that do if all ports are closed because no services uses them? They know I am there, but will also know I am untouchable.

    That is just my opinion, and I've never once had my system hacked into. Which brings us to the question of this thread. Why do you think a home user should work behind a firewall if closing ports and disabling services preforms the exact same functions? If you agree with me, that's fine to. But in either case, please explain your opinion in full so that we may all see your side, and perhaps learn something new today. Please note, this is for home users, not for buisnesses. Buisnesses are a completely different subject

    regards,
    Pooh Sun Tzu

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    If I show you 1000 people at random of computer owning age I guarantee you you cannot show me 5 of those 1000 that can accomplish what you have.

    Hence we have firewalls.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    I believe that for the common user, a firewall is necessary, as they don't know how to close ports or do other things to stop services. Since theres tons of things running on a default M$ install this leaves them vulnerable and open to an attack.

    I consider myself more of a advanced user of M$, yet I do run a firewall. I do keep all unecessary services turned off, but still find that having a firewall is a good thing.
    =

  4. #4
    I consider myself more of a advanced user of M$, yet I do run a firewall. I do keep all unecessary services turned off, but still find that having a firewall is a good thing.
    If services are disabled and there is no point or means of access in, what makes this a Good Thing©? Color me curious.

  5. #5
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    Still there always that one chance that I've forgotten one service, or a program I've installed starts a service.

    Consider the firewall a safeguard.
    =

  6. #6
    Banned
    Join Date
    Jun 2003
    Posts
    927
    But why do it all manually all the ports if you can just take a firewall...
    I don't see the point of it

    /edit
    sure its not a necesity but its a lot harder and more complicated doing it your way...
    peace

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Because to rely on one avenue for security really isn't secure, IMHO. The best way is to have multiple layers if possible. Sorta think of it this way. You build a house with few to no windows (hardened system). But evidentally there still is a way in that someone might see your oodles of furs, diamonds and other fancy stuff. You don't want them to see that "fancy stuff etc" so you add a high brick wall around your house. (firewall).

    Never rely one one method for security. Have multiple and believe that they will fail at one point or another.

    That's my view.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  8. #8
    Good point. I can see the side of using it as a safe guard, but I also see it (and this is no offence to you) as a crutch for administrators. If an admin has to rely on a firewall because they are not 100% knowledgeable about what they install, then the system _will_ be compromised. If any admin installs software that installs a service, then they had better already know it installs a service and keep up to date on upgrades. Because, even with a firewall, he is still going to have to allow that port open to begin with, eliminating the need again, for a firewall. I've seen far too many home users and sysadmins alike install something one day and forget it even existed the next day

    sure its not a necesity but its a lot harder and more complicated doing it your way...
    Not at all, actually. It's three clicks at the most.


    You don't want them to see that "fancy stuff etc" so you add a high brick wall around your house.
    I can completely understand having two layers of security just in case, but this is a home system, not a buisness. And this brings me back to my point: If there is no means for them to get in because all services are disabled, then they can look all the want, but never touch the internals. Please correct me if I am wrong on that statement!
    It's better to be hoenst and let me know if there is in fact a workaround into a system running perhaps only one service, all other ports closed, and that one service continually updated.

  9. #9
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    But why do it all manually all the ports if you can just take a firewall...
    I don't see the point of it
    For a variety of reasons:

    - if the port(s) open, then the service is running. Do you really need that service running and opening a potential way in?

    - firewalls can be by-passed. Not a new concept, perhaps more trickier with more advanced firewalls but still a possibility. Add that possibility and you now have a way in.

    See my post above for more reasoning behind it.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  10. #10
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I can see the side of using it as a safe guard, but I also see it (and this is no offence to you) as a crutch for administrators.
    Oh agreed and no offense taken. I believe in debate when it's done intelligently and this is a good discussion IMHO.

    This is a big reason why I dislike Microsoft's adage of "Everything open and close what you need" rather than Novell's view of "Close everything and open what you need". The issue of a crutch for administrators is that admins are overworked, underpaid and don't have enough time. It's easy to deal with it when it's a single machine and if there's an "oops", it's an easy fix. But when networks get larger and stress mounts it can be harder (not a defence but rather a bit of reality check).

    I believe that admins should build their systems secure from the start and "harden" them beforehand. And because they cannot rely on all users to do the same (or to do worse to their systems) they need that extra defense. The human element makes it challenging sometimes.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides