Author Topic: Firewall ! is there any need for one (Desktop @ Home)  (Read 18915 times)

0 Members and 1 Guest are viewing this topic.

Offline Fletch

  • Neuling
  • *
  • Posts: 34
  • Branch: stable
  • Desktop: XFCE
  • GPU Card: Intel HD Graphics Controller
  • GPU driver: free
  • Kernel: MANJARO x64
  • Skill: Intermediate
Re: Firewall ! is there any need for one (Desktop @ Home)
« Reply #30 on: 10. January 2014, 09:05:40 »
Unless a firewall is installed with whatever 'nix system I'm running at the moment, I don't run one. I personally don't see the need.
I run Firefox like most others do and install Adblock Plus and Ghostery to keep the cookies down. If I download it's typically via torrent and then it's through a proxy in China or somewhere where it's extremely difficult if not impossible to track me.

My router is through AT&T and I'm wifi connected. I'm not concerned with online banking because my user name as well as  password are based on Cherokee language with capitals, numbers and lots of @$%&* so a brute force technique would require a looooong wait for any results.

Keyloggers? How is anyone going to install one to your system? Unless you're there to put the password in for them it isn't going to get installed and even then you'd know something was wrong because keyloggers eat up a lot of processing power.

If the NSA interecepts my email, hopefully they'll nail those guys who keep trying to entice me with their viagra ads along with those Nigerian pukes that owe me millions. I can't stop them from intercepting my emails anyway since they aren't stored on my pc. They're in Googles and Yahoo's servers.

On a side note,,, I had my identity stolen about 5 years ago and I'm still cleaning up my credit record. The info they needed didn't come from my pc.. It came via my mail and the mailman in the literal sense was the culprit.

Offline ruziel

  • Held Mitglied
  • *****
  • Posts: 2893
  • Those who know, laugh.
    • Coffee & Manjaro
  • Branch: Stable
  • Desktop: Xfce
  • Kernel: 4.4 / 4.9
  • Skill: Novice
Re: Firewall ! is there any need for one (Desktop @ Home)
« Reply #31 on: 10. January 2014, 09:28:59 »
Anyone who's machine is behind a half decent modem will immediately have some level of protection, especially if you are connected to it via Ethernet. If one's wireless network has a strong password & decent encryption, this will provide sufficient protection from the average cybermug. However, if for whatever reason you suspect that someone with strong penetration skills has you in their sights - or may have in the future - then taking some precautions to harden your network & machine is advised.

Handy put together a simple UFW/Tables tutorial, which I have implemented. Apart from that, it comes down to one's level of paranoia and/or the kind of enemies you have out there in cyberspace  ;)

Peace.

Ruziel  ;)



 
"There is no complete theory of anything." (Robert Anton Wilson)

Offline t101

  • Vollwertiges Mitglied
  • ***
  • Posts: 208
  • Branch: Stable
  • Desktop: KDE
  • GPU Card: Nvidia GeForce GTX 650
  • GPU driver: Non Free 343.36
  • Kernel: 3.19.1-1-MANJARO
  • Skill: Novice
Re: Firewall ! is there any need for one (Desktop @ Home)
« Reply #32 on: 19. January 2014, 10:49:29 »
I dont know the exact version but the once turned on GUFW used to make all ports stealthed. But this is not the case anymore. The latest version of Gufw makes some ports CLOSED and some STEALTH.

So I uninstalled GUFW (the frontend) and just did

sudo systemctl start ufw

But still ICMP is not blocked. To block ICMP >>

Look in /etc/ufw/before.rules and comment out this line:
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

I dont use my router to dial coz my connection is not very stable so sometimes I need to reconnect a number of times to authenticate the DSL connection.
The loneliest people are the kindest. The saddest people smile the brightest. The most damaged people are the wisest.

Offline RacerBG

  • Jr. Mitglied
  • **
  • Posts: 71
  • Lost in translation!
  • Branch: Stable
  • Desktop: XFCE
  • Kernel: linux41-x86
  • Skill: Intermediate
Re: Firewall ! is there any need for one (Desktop @ Home)
« Reply #33 on: 20. January 2014, 15:48:59 »
In short I prefer to have a firewall. :) But even without it I can work safely with Linux. ;)
Manjaro Linux Bulgarian Translator

Offline Strandvaskeren

  • Jr. Mitglied
  • **
  • Posts: 60
  • Skill: Novice
Re: Firewall ! is there any need for one (Desktop @ Home)
« Reply #34 on: 26. January 2014, 20:11:15 »
A firewall is no more secure than the person configuring it, and therein lies the problem.

If you know an awful lot about ports and packets and that stuff, you'll probably already have taken complete control over your system and have shut down any process that doesn't need running, patched up security holes and made sure that no running process responds to outside traffic unless you want it to. If you're brainy enough to run such a tight ship, a firewall won't do much.

The remaining group have only a superficial knowledge on how the internet works. So why not add a firewall to be safe? Well, every now and again the firewall detects some traffic on a port and asks you what to do. Since you have no idea what the traffic does and whether it's good or bad, you basically flip a coin. You might say no and your program stops working. Then you change it to a yes and stuff seems fine again. Thing is, you'll need to KNOW before making those choices and if you KNOW then odds are you're already ahead of the situation and don't need a firewall in the first place.

I dislike firewalls, not because they are bad as such, but most likely they will be badly configured by a user that adds way too many exceptions without knowing whet they do, while at the same time making the user feel nice and secure without really being so.

Offline LucaB

  • Neuling
  • *
  • Posts: 18
  • I'm interested about linux & music
  • Branch: stable
  • Desktop: i3-wm
  • GPU Card: GTX 760
  • GPU driver: nonfree
  • Kernel: 4.1.16-1-MANJARO
  • Skill: Novice
Re: Firewall ! is there any need for one (Desktop @ Home)
« Reply #35 on: 29. January 2014, 14:16:10 »
F-secures Mikko Hyppönen talks about subject, this is funny and informative.
DEFCON 19: The History and the Evolution of Computer Viruses
http://www.youtube.com/watch?v=gDaiox3sA6k

Mikko Hypponen: Three types of online attack
http://www.youtube.com/watch?v=VM7HQ_zbdIw

Watching these kind of talks, I'm not using computer without decent firewall.

Offline Reatelf

  • Neuling
  • *
  • Posts: 4
  • Desktop: Reatelf
  • Skill: Novice
Re: Firewall ! is there any need for one (Desktop @ Home)
« Reply #36 on: 28. February 2014, 15:16:03 »
For me firewall is very important.

Offline AndyE

  • Vollwertiges Mitglied
  • ***
  • Posts: 109
  • Branch: arch_x64-testing
  • Desktop: Xfce 4.12.1-1
  • GPU Card: intel HD3000 & nVidia GT540M
  • GPU driver: non-free
  • Kernel: 4.0.4-2-ARCH
  • Skill: Intermediate
Re: Firewall ! is there any need for one (Desktop @ Home)
« Reply #37 on: 07. May 2014, 11:59:16 »
Well following the Firewall-wiki was just simple and took me about five minutes. So why not?

Sure you all have routers but those mostly have only SPI. Yesterday I read a lot about FWs and I'm planning to build an UTM with an old PC. Why? Because we can do it thanks to the freedom of internet and many people writing this software. And to keep my kids away from bad sites and virus/rootkit and all other treatments and make our home PCs safer. I think it's easier to set-up a good firewall than to restore one or more PC's.

We all paid money for our hardware and it took us time to set it up - so isn't it ones right to make your "home" safe?

Remember the old saying:
Believe in god but lock your car!  ;)

Last but not least: would you like it if someone steals pictures from your PC, e.g. from your kids ( age between 0 and 5 ) playing naked in the swimming pool? And those pictures would be made public on "special sites"... think about it!

Yours

Andy
« Last Edit: 07. May 2014, 12:08:08 by AndyE »
"Love is the death of duty"

Offline Shinya

  • Neuling
  • *
  • Posts: 42
  • Branch: Stable
  • Desktop: 0.8.9 Openbox
  • Kernel: linux38-x64
  • Skill: Novice
Re: Firewall ! is there any need for one (Desktop @ Home)
« Reply #38 on: 11. May 2014, 19:38:27 »
Uh, yes. I can't imagine accessing internet from anywhere unless I'm using firewall.

Offline Fletch

  • Neuling
  • *
  • Posts: 34
  • Branch: stable
  • Desktop: XFCE
  • GPU Card: Intel HD Graphics Controller
  • GPU driver: free
  • Kernel: MANJARO x64
  • Skill: Intermediate
Re: Firewall ! is there any need for one (Desktop @ Home)
« Reply #39 on: 18. June 2014, 05:44:32 »
If the system comes with a firewall then I run a firewall. If it doesn't, I don't. My router has a firewall. I don't install anything from sources outside the Repo's so what would I need an AV for?

If something does hose my system I can wipe the hd, repartition it and reinstall Manjaro and be up and running in about an hour. I keep everything important on an external hd anyway.

If someone is so bored that they want to hack into my pc, all I can say is,,,, and?

All they'll find is a couple hundred books I'm planning on reading, a ton of southern Rock music and not a whole lot else.

If the NSA is monitoring me they're well aware that I don't think much of them as well as all of my other political leanings.

 If they'll leave me a message telling me they're bored I'm adept with using Qbittorent and I'll see about finding them some porn I can download and they can watch it at their leisure.

I'm not running a business from my pc so I can be lackadaisical about it. If I was running a business sure I'd go to a little greater length with a firewall but since I would still be running 'nix, what would I need even then an AV for? I'd still be anal about what I downloaded and installed and where it came from.

Offline wordler

  • Vollwertiges Mitglied
  • ***
  • Posts: 244
  • I can wire a plug
  • Branch: Stable
  • Desktop: Fluxbox & Xfce
  • GPU Card: Nvidia GT720 1gb ddr5
  • GPU driver: non-free
  • Kernel: linux4.4-x64
  • Skill: Novice
Re: Firewall ! is there any need for one (Desktop @ Home)
« Reply #40 on: 18. June 2014, 14:43:02 »
I set up ufw, but it's never been hit by anything. The firewall in my router has caught everything. I back up my home folder every day plus all my browser bookmarks. Most of my stuff is on external drives anyway, and, like Fletch, I am not running a business. Life is simple. However the log of my router firewall is very busy, so I think having an extra line of protection after that is a good idea.
Fear is the mind killer.

Offline Skully

  • Jr. Mitglied
  • **
  • Posts: 96
  • Branch: stable
  • Desktop: KDE
  • GPU Card: nVidia GTX 660ti 2gb
  • GPU driver: non-free
  • Kernel: 3.18 x86_64
  • Skill: Advanced
Re: Firewall ! is there any need for one (Desktop @ Home)
« Reply #41 on: 24. October 2014, 11:53:41 »
I don't bother with a firewall anymore.  My modem has my ports closed and stealthed. I doubt anyone would bother to get through my NAT, it would be alot of effort. Yes people are scanning ya ports all the time to find unsecured machines. They arn't going to try getting around your modems NAT without a real good reason. It's not an easy thing to do. They will just move on to the next sucker.

It would be ALOT easier to break into my house when I am out and then take what they want from my pc.  If you have access to the machine, linux really has no security. I gained full access to my friends box, changed his root password and his account password on Fedora 20 while he went to the toilet. But over the net. Nope I would even bother.

Offline QtAndNice

  • Jr. Mitglied
  • **
  • Posts: 93
  • Branch: stable
  • Desktop: KDE 5.x.(current stable)
  • GPU Card: nVidia GTX 760
  • GPU driver: non-free
  • Kernel: 4.1.18-1-lts-tomoyo (AUR)
  • Skill: Novice
Re: Firewall ! is there any need for one (Desktop @ Home)
« Reply #42 on: 29. October 2014, 19:07:54 »
I don't bother with a firewall anymore.  My modem has my ports closed and stealthed. I doubt anyone would bother to get through my NAT, it would be alot of effort. Yes people are scanning ya ports all the time to find unsecured machines. They arn't going to try getting around your modems NAT without a real good reason. It's not an easy thing to do. They will just move on to the next sucker.

It would be ALOT easier to break into my house when I am out and then take what they want from my pc.  If you have access to the machine, linux really has no security. I gained full access to my friends box, changed his root password and his account password on Fedora 20 while he went to the toilet. But over the net. Nope I would even bother.

yeah but what about your applications dialing out, i guess you missed something big here
just take the "trust" argument out of the way and you're left with a totally unsecure machine

Offline Skully

  • Jr. Mitglied
  • **
  • Posts: 96
  • Branch: stable
  • Desktop: KDE
  • GPU Card: nVidia GTX 660ti 2gb
  • GPU driver: non-free
  • Kernel: 3.18 x86_64
  • Skill: Advanced
Re: Firewall ! is there any need for one (Desktop @ Home)
« Reply #43 on: 30. October 2014, 11:41:23 »
All my applications are opensource, I feel pretty safe using them thanks. You feel you need a firewall to stop your apps dialing out? If I felt I needed a software firewall to stop my apps from dialing out, I would choose another application that I trusted.
 I also have a network monitor running on my keyboard's LCD, so I can see when I have any activity that I wouldn't expect if needed.

Offline Phil67

  • Jr. Mitglied
  • **
  • Posts: 94
  • Skill: Advanced
Re: Firewall ! is there any need for one (Desktop @ Home)
« Reply #44 on: 30. October 2014, 14:41:07 »
All my applications are opensource, I feel pretty safe using them thanks.
Open Source has never been a guarantee of safety.

It is a minimal prerequisite, but not sufficient: you can audit the code but there is no guarantee that it is 100% safe.

ShellShock and Heartbleed concern some of the most popular Open Source applications. They were coded by dozens of developers which did not detect the security vulnerabilities during years.

Governmental organizations (NSA & co.) could infiltrate Open Source projects to introduce complex backdoors almost undetectable without a detailed code audit by experts (they managed to introduce algorithm with mathematical flaws in widespread "open source" encryption systems).

A Linux desktop system is not protected against dial-out malware: all your security is based on your "trust" in applications (= trust in Manjaro servers + trust in Manjaro team + trust in Arch servers + trust in Arch team + trust in upstream projects + trust in coders and rare code reviewers + trust in your own infallibility).

Network monitoring via keyboard LED is not able to distinguish legitimate outgoing packets from malicious ones and a good inconspicuous malware will avoid massive network requests.


Most Linux users don't use outgoing firewall but you can't consider this as a secure practice.
« Last Edit: 30. October 2014, 14:43:04 by Phil67 »