From: Philip Payne
To: 'Supote Leelasupphakorn', freebsd-questions@freebsd.org
Date: Tue, 24 Jun 2003 13:48:12 +0100
Subject: RE: Why must I use firewall ?

Hi,

> So far, I know firewall is a choice when I want
> to protect my boxes from crackers but my question is
> if I closed the service I don't use (such as port 25
> for SMTP) so the cracker out there can't attack,
> what's the reason "firewall" come to play ?

From a general viewpoint the more levels of security the better, i.e. shutting down the service = good, shutting down the service + filtering out unwanted traffic at the network edge (firewall) = better, shutting down the service + filtering out the unwanted traffic (firewall) + observing internal traffic for odd things (IDS) = even better.

Firewalls are generally positioned at network gateways, whereas servers are generally within the network. This means carrying out security at the firewall is much easier as it is the focal point for all network traffic.

Firewalls generally have a much better logging ability; this is again helped by their positioning in the network. Logging will be important in the post-cracking examination of what went wrong.

More importantly, you shouldn't be thinking "Should I use a firewall?"; you should be thinking "What should my security model look like?" Firewalls are only a security tool to be used in addition to correct configuration of the server, security audits, IDS, penetration tests, account/password management and business practices/procedures.

However.... any security procedure you put in place must be cost effective, i.e. the cost of your security hardware/procedure/implementation must be less than the cost of total destruction of your data and its replication in a disaster recovery procedure (1 times, 2 times or 3 times... your choice as to how often you think this will happen).

Hope those general comments help.

Phil.