Is a firewall really needed?

[Dalani]

I asked myself the same question. I tested my security setup with ShieldsUp at www.grc.com (click on shieldsup logo) this website will verify all ports of any computer connected to the net and show a PASS or FAIL with results.

I was surprised to know that my WIn98SE running ZONElabs firewall, stealths all my ports and makes my computer invisible to the net ab nd is airtight. Whereas Linux Ubuntu without firewall shows ports closed but actively responds to outside port requests and so on...

What does that mean? I don't know if Linux is airtight or not without a FW. Can spyware exist or download on Linux if it responds so eagerly to port probes?????

[sdousley]

IWhat does that mean? I don't know if Linux is airtight or not without a FW. Can spyware exist or download on Linux if it responds so eagerly to port probes?????

I wouldn't even claim Windows is air tight with a firewall.... a firewall doesn't guarantee you security, it just improves seurity.

iirc, there's (as yet) no spyware for linux, and few virii, because of the limitations as to what virii can do to the system i think... it can only wipe what the logged on user has permission to wipe.

[borromini]

rootkits are IMHO a far more bigger threat on Linux. Use the chkrootkit tool to find them on your system.

[serz]

It's better to have it than not to

[sdousley]

It's better to have it than not to

Well, surely that's the case with ANY security... hehe

[Dalani]

I installed Firestarter.Works great.

I tested it at www.grc.com
SHIELDS UP testing showed ALL my ports invisible to net probes and responds to no PING request.

Without a firewall my Linux box had four ports open! and the rest closed but visible to snoops..

[Krendoshazin]

I wouldn't even claim Windows is air tight with a firewall.... a firewall doesn't guarantee you security, it just improves seurity.

You're right about that, many people believe that just by having a firewall they are safe, which is not the case as a firewall is merely the first line of defense.

A good set of firewall rules will protect you from most things, just don't take them for granted and always secure your system as much as possible.

Also in regards to the primary question, no, the difference between ports being stealthed and being seen as closed is simply the fact a stealthed port doesn't respond no matter what state it is in. Being able to see all your ports closed isn't much of a concern until you take into account the fact that they can see when they are open also, this is why it is important to filter traffic using a good set of firewall rules.
When you have things set up as optimal as possible, their scanners shouldn't be able to tell that you're even online, keeping in mind that responding to established connections is the best way to go.

[oz]

I haven't run a firewall for the last two or three years, although I used to switch back and forth between firestarter and guard dog. Doing okay without one so far, but we'll see how it goes.

[lukki]

I don't really understand need for a firewall on a server machine. Let's imagine usual situation of server with some standard services on standard ports (www, ftp etc). Aren't these listening services potentially much more vulnerable?

Of course I realise protection against syn-flood attack or blocking open ports of services I don't want to "share" (e.g. X server). But is it really necessary to block traffic to closed port?

[jrgp]

You need a firewall to block access to all ports other than the ones the server is serving content to, eg (www, ftp, whatever)