[WBEL-users] easy to use firewall?

Phil Barnett philb at philb.us
Mon Apr 4 15:01:49 CDT 2005


On Monday 04 April 2005 03:52 pm, William Hooper wrote:
> Phil Barnett said:
> [snip]
>
> > What's
> > the point of making a machine that has ports 23, 80, 8080, 443,
> > 137, 138, 139 as its only available ports and then putting a firewall in
> > front of it that allows ports 23, 80, 8080, 443, 137, 138, 139 to come
> > through?
>
> So when you screw up the mail server config (for example setting it to
> listen on all interfaces instead of just localhost) you won't be exposing
> it to the whole world.  Ditto with Samba, NFS, etc. on a multi-network
> machine.
>
> Layers of security are never a bad idea.

You should be regularly scanning your machines for port availability, 
particularly after you have made changes to them.

But if it makes you feel safer, then by all means run a firewall. Bastion 
hosts, however, are very common. It's just as easy to screw up a machine 
through the firewall, such as making your mail server be an open relay.

This is why I suggested Nessus. It will detect such things.

-- 

"In the beginning of a change, the patriot is a brave and scarce man, hated 
and scorned. When the cause succeeds, however, the timid join him...for then 
it costs nothing to be a patriot." -Mark Twain 
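
Added example, not part of the original message or thread: a local audit that compares a host's listening sockets with the port list quoted above and reports anything else bound to a non-loopback address, such as a mail server listening on all interfaces. The sample input is constructed in the format of `ss -tuln`; the function names are hypothetical.

```python
# Added example: audit listening sockets against the ports a host is meant to expose.
# SAMPLE_SS is constructed output in the format of `ss -tuln`, not from a real host.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      100    0.0.0.0:25         0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:139        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      128    [::]:111           [::]:*
udp   UNCONN 0      0      0.0.0.0:137        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:138        0.0.0.0:*
"""

# Ports the thread's example machine is meant to expose.
EXPECTED_PORTS = {23, 80, 8080, 443, 137, 138, 139}
LOOPBACK_PREFIXES = ("127.", "[::1]", "::1")


def parse_listeners(ss_output):
    """Yield (proto, address, port) for each listening or unconnected socket."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        if fields[1] not in ("LISTEN", "UNCONN"):
            continue
        address, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], address, int(port)


def unexpected_exposure(ss_output, expected=EXPECTED_PORTS):
    """Return network-reachable listeners whose port is not in the expected set."""
    findings = []
    for proto, address, port in parse_listeners(ss_output):
        if address.startswith(LOOPBACK_PREFIXES):
            continue  # loopback-only services are not reachable from outside
        if port not in expected:
            findings.append((proto, address, port))
    return sorted(findings, key=lambda f: f[2])


if __name__ == "__main__":
    for proto, address, port in unexpected_exposure(SAMPLE_SS):
        print(f"UNEXPECTED {proto} listener on {address}:{port}")
```

This only shows what the host itself is listening on; a scan from another machine is still what shows which of those ports are reachable through any firewall in front of it.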

