Date: Tue, 14 Dec 1999 02:03:47 -0500 (EST)
From: Mike Nowlin
To: Adidas Boy
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Why use a Firewall?
In-Reply-To: <19991213161434.34190.qmail@hotmail.com>

> I have always wondered what does a firewall really do for one? I mean
> why should one have one for their web servers and what kind of protection
> does it give to protect against hackers or what not?
> If I was to install a firewall what types of programs should I
> install?

One of the very basic things a simple firewall can do is restrict access to certain machines... We have quite a few boxes at work, and some of those are heavy-security machines that really have little or no business being directly connected to the world -- why risk exposing them to attacks? All of our Alphas & RS6000's are prohibited from any traffic to/from the router directly, but they ARE allowed to talk to the proxy server...

Without the firewall, it would be trivial for our users to telnet directly into the machine (or out of it). We only allow outside access to those machines for a very small set of users, and they have to telnet into one of the "public" machines first, then telnet to the Alpha -- only users on the "approved" list have accounts on the public machine.

mike
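
The segmentation described in this message, modelled as a first-match rule table (an added example, not part of the original post and not the poster's actual configuration). All addresses, the rule layout and the function names are constructed for illustration; the misordered ruleset goes slightly beyond the message to show how one broad rule placed first undoes the policy.

```python
import ipaddress as ip

# Constructed addressing, not taken from the original message.
PROTECTED = ip.ip_network("10.0.2.0/24")   # the Alphas and RS/6000s
PROXY = ip.ip_network("10.0.1.10/32")      # proxy server
PUBLIC = ip.ip_network("10.0.1.20/32")     # "public" login machine
ANY = ip.ip_network("0.0.0.0/0")
TELNET = 23

# (action, source, destination, destination port or None for any port).
# Each tuple describes who may open a connection to whom; replies are
# assumed to be handled by a stateful filter.
RULES = [
    ("allow", PROXY, PROTECTED, None),
    ("allow", PROTECTED, PROXY, None),
    ("allow", PUBLIC, PROTECTED, TELNET),
    ("allow", ANY, PUBLIC, TELNET),
    ("deny", ANY, PROTECTED, None),
    ("deny", PROTECTED, ANY, None),
]

def decide(src, dst, dport, rules=RULES):
    """Return the action of the first matching rule; default is deny."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, snet, dnet, port in rules:
        if s in snet and d in dnet and (port is None or port == dport):
            return action
    return "deny"

def direct_telnet(rules, sources, target="10.0.2.5"):
    """List the sources that can telnet straight to a protected host."""
    return [s for s in sources if decide(s, target, TELNET, rules) == "allow"]

# Constructed probes: an outside host, an internal workstation, the proxy
# and the public machine.
SOURCES = ["198.51.100.7", "10.0.3.44", "10.0.1.10", "10.0.1.20"]

# A broad rule placed first wins under first-match evaluation and
# silently re-exposes the protected machines.
MISORDERED = [("allow", ANY, ANY, TELNET)] + RULES

if __name__ == "__main__":
    print("intended:  ", direct_telnet(RULES, SOURCES))
    print("misordered:", direct_telnet(MISORDERED, SOURCES))
```

Running the same probe list against every proposed ruleset change gives a quick regression check that only the proxy and the public machine can reach the protected hosts.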