At 03:38 PM 11/15/2001, you wrote:
--- Justin Leoni <Jleoni@xxxxxxxxxx> wrote:
> I must agree - a good firewall is like auto insurance you pay for it
> now or
> you'll REALLY pay for it later if you have M$ boxes connected to your
> network.
> I

all I appreciate the general information, but I don't have ANY M$ stuff on my network. It's all RaQs (at least the portion I'm asking about). Hence my subject line about RaQs only.

So, from the replies, it seems the main advantage to putting a firewall out front is:

1. protection from DoS attacks
2. ability to deny certain IPs (easily in one location). This is useful if someone is port scanning, or hammering you with code red, etc...
3. ???

These alone *may* be good reasons to put a firewall out front, but since I have a limited number of RaQs (less than 10), I think I'll just stick to "hardening" each one individually.
Unless you have a fair bit of money, none of the ideas suggested really would be putting a firewall in front of all your systems. This could be done though. Most information is how to put a firewall on each individual machine. I also think one of the problems here is the generic use of the term firewall. There are hardware devices called firewalls. There is software that is called firewall software. And I believe that others are speaking of a method of security and are using the term firewall. Either of the first two can be the same. A firewall device basically is a piece of hardware with firewall software on it. Some use special chips to help with the processing. The second could be a stand-alone Linux (or Unix or Windows) with some software that all packets are processed through. A good piece of software is Checkpoint. What most people are speaking about is a process. That process can include various procedures. A person helped me by setting some of them up. They set up ipchains, logcheck and portsentry. The main thing you are looking for here is people trying to break into your computer.
I don't think any of these methods really can do much for DoS attacks. A DoS attack is really attacking your IP or URL from many locations with a flood of requests. It is really tying up your bandwidth. They can be normal type requests, just far too many of them and not waiting enough time for a response before making the request again. There is not really much you can do about code red or nimda as they are making normal http requests. They are requests that can really mess with a Microsoft IIS machine. It does affect your bandwidth. A firewall that blocks the IP address is still going to be using up the bandwidth as the request has to get to you to block it. If you could block it at your ISP in a router, that would be helpful. I email my ISP with new IPs attacking me and they shut them off. Most attacks with the nimda worm/virus come from within your own network.
I do suggest you read up on ipchains, portsentry and logcheck. If configured correctly, they can block some of the people trying to break into your machine. Oh yeah, I forgot tripwire. It watches to see what files get changed on your machine. Another help to see if someone has broken in. I think most people look at it as ways to postpone a break-in. I think most people accept at some time or another they will be beaten and the goal is to postpone it as long as possible and keep as many as possible out. I have been hacked. I reloaded and got some help. I have been secure since. I would like to say that I will never be hacked again. I may dream, but I am not really stupid. I have the ability to reload each and every site from scratch. I may lose a few emails, otherwise they won't really cause much harm.
Thanks for the comments.

Rusty

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users
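Added example, not part of the original thread: a small Python log scan that pulls the source IPs of Code Red and Nimda probes out of an Apache access log, giving the kind of list the reply describes sending to an ISP for upstream blocking. The request-path signatures are the widely documented ones for those worms; the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Request-path markers of the two IIS worms named in the thread.
SIGNATURES = {
    "code_red": re.compile(r"/default\.ida\?", re.I),
    "nimda": re.compile(r"/(root|cmd)\.exe\?", re.I),
}

# Apache common log format: host ident user [time] "METHOD path proto" status size
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def classify(path):
    """Return the worm name whose signature matches the request path, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(path):
            return name
    return None

def worm_sources(lines):
    """Map each source IP to a Counter of worm probes seen from it."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, _status = m.groups()
        worm = classify(path)
        if worm:
            hits[ip][worm] += 1
    return dict(hits)

def report(hits, min_hits=1):
    """Rows of (ip, total probes, worm names), busiest source first."""
    rows = [(ip, sum(c.values()), sorted(c)) for ip, c in hits.items()]
    rows = [r for r in rows if r[1] >= min_hits]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

# Constructed sample lines using documentation-only addresses.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Nov/2001:15:02:11 -0500] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 276',
    '198.51.100.7 - - [15/Nov/2001:15:02:40 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 283',
    '198.51.100.7 - - [15/Nov/2001:15:02:41 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '203.0.113.5 - - [15/Nov/2001:15:03:02 -0500] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [15/Nov/2001:15:09:55 -0500] "GET /default.ida?XXXXXXXXXXXX HTTP/1.0" 404 276',
]

if __name__ == "__main__":
    for ip, total, worms in report(worm_sources(SAMPLE_LOG)):
        print(f"{ip}\t{total}\t{','.join(worms)}")
```

Every matching line here was answered with a 404, which fits the reply's point: the probes do nothing to a non-IIS server, but each one still arrived and was served before it could be counted.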