Wednesday, November 4, 2009

Chapter 10. Protecting Yourself with a Firewall









Chapter 10. Protecting Yourself with a Firewall







In This Chapter

  • Introducing firewalls

  • Building a firewall

  • Starting your firewall



Your newly installed Ubuntu desktop computer is quite network safe. Ubuntu, out of the box, doesn't run any unnecessary, network-aware services; network-aware services are processes (running programs or applications) that respond to network connections.


Network services that don't exist can't be hacked. This is a good thing.


However, Ubuntu supplies a firewall configuration utility because life changes. As you use your computer, you'll probably want to change and modify it. Changing and modifying might introduce new network services, and those services need to be protected with a firewall. Firewalls limit access to and from networks and are generally used to prevent unwanted incoming connections, especially ones from the Internet.




Protecting Your Computer with Firewalls


In the past, firewalls were absolutely necessary because Linux distributions installed and activated many network-aware services by default. They installed the proverbial kitchen sink. Most people didn't need the services — or the sink — but someone always did. Vendors turned services on in order to make as many as possible of their customers happy.


Well, as the adage says, you can please some of the people all of the time, but . . . well, you get my drift. Turning on services was very bad from a security standpoint. Some services were poorly configured, some were buggy, and hackers went to town.


Ubuntu practices good security hygiene. It installs only a relatively small amount of software — enough to make your Ubuntu computer very useful but without installing the kitchen sink. So there aren't any network-aware services running under the default installation described in Chapter 4.


So why run a firewall? It isn't absolutely necessary, but good security requires multiple layers of defense. There's no silver bullet when it comes to computer security. You might not have a network-based vulnerability now, but that might not be true in the future.


I show you how to install a lot of software throughout this book. Some software is network-aware, and software always contains exploitable vulnerabilities. Therefore, be proactive and install a firewall now. It's easy to install and configure.









Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)