this post was submitted on 25 Jan 2024
92 points (94.2% liked)

Linux

48287 readers
651 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
92
submitted 10 months ago* (last edited 10 months ago) by Kalcifer@sh.itjust.works to c/linux@lemmy.ml
 

I've spent some time searching this question, but I have yet to find a satisfying answer. The majority of answers that I have seen state something along the lines of the following:

  1. "It's just good security practice."
  2. "You need it if you are running a server."
  3. "You need it if you don't trust the other devices on the network."
  4. "You need it if you are not behind a NAT."
  5. "You need it if you don't trust the software running on your computer."

The only answer that makes any sense to me is #5. #1 leaves a lot to be desired, as it advocates for doing something without thinking about why you're doing it -- it is essentially a non-answer. #2 is strange -- why does it matter? If one is hosting a webserver on port 80, for example, they are going to poke a hole in their router's NAT at port 80 to open that server's port to the public. What difference does it make to then have another firewall that needs to be port forwarded? #3 is a strange one -- what sort of malicious behaviour could even be done to a device with no firewall? If you have no applications listening on any port, then there's nothing to access. #4 feels like an extension of #3 -- only, in this case, it is most likely a larger group that the device is exposed to. #5 is the only one that makes some sense; if you install a program that you do not trust (you don't know how it works), you don't want it to be able to readily communicate with the outside world unless you explicitly grant it permission to do so. Such an unknown program could be the door to get into your device, or a spy on your device's actions.

If anything, a firewall only seems to provide extra precautions against mistakes made by the user, rather than actively preventing bad actors from getting in. People seem to treat it as if it's acting like the front door to a house, but this analogy doesn't make much sense to me -- without a house (a service listening on a port), what good is a door?

you are viewing a single comment's thread
view the rest of the comments
[–] Bitrot@lemmy.sdf.org 4 points 10 months ago* (last edited 10 months ago) (1 children)

In the world of Windows XP before SP2, your system would be taken over by internet worms within minutes of connecting to the internet. If you had an Internet connection while running setup, it would happen before you even booted the computer into the OS for the first time.

Things have gotten better, but vulerabilities are still discovered all the time. A big point of a firewall is to have a device guaranteed to have very little attack surface in between devices that are more unknown quantities. Then they can add additional features, like recognizing when someone is trying to take advantage of a vulnerability in the webserver on port 80 and blocking it.

[–] Kalcifer@sh.itjust.works 1 points 9 months ago (1 children)

A big point of a firewall is to have a device guaranteed to have very little attack surface in between devices that are more unknown quantities.

Are you referring to a NAT?

Then they can add additional features, like recognizing when someone is trying to take advantage of a vulnerability in the webserver on port 80 and blocking it.

It seems that you are using more of a general interperetation of the term "firewall" rather than something more specific like a packet filtering firewall (which is more of the focus of my post). Am I correct In my interperetation?

[–] Bitrot@lemmy.sdf.org 1 points 9 months ago* (last edited 9 months ago) (1 children)

No, I was referring to a firewall, how many ports are open on one versus a random user's device?

My response is general to any firewall as you did not specify. They go all the way into deep packet inspection and intrusion detection (blocking exploitation of your webserver). NGFWs have extensive capabilities beyond packet filtering.

[–] Kalcifer@sh.itjust.works 1 points 9 months ago

No, I was referring to a firewall

A NAT is a type of firewall.

how many ports are open on one versus a random user’s device?

I don't understand the wording of this question.

NGFWs have extensive capabilities beyond packet filtering.

Interesting. Do you have any recommendations for software, or further reading on the topic?