Deny all outgoing traffic with a firewall - is it useful?

Issam2204 Member
edited June 2015 in Help

Hi!

As the title says, does it make any sense? Will it improve security?

Of course, I will unlock specifically only the ports I would need.

Comments

  • Mark_R Member

    It's always a good thing to only open ports that you need and deny everything else, that way you can be sure no other software is silently listening and being exploited at some random port that you aren't aware of.

    Thanked by 1Issam2204
  • Dillybob Member
    edited June 2015

    Could be, if someone finds an exploit in your system they can abuse it and it will skyrocket your outgoing traffic. (I'd limit it instead) Or are you talking about inbound traffic? If that is the case, Mark_R's advice is good.

    Thanked by 1Issam2204
  • Idea to improve security:

    • Pull the Ethernet cable.

    • Pull the wireless card.

    • "Secure"

  • DaTa Member

    @KwiceroLTD actually Pull the power cable is the most secure, don't forget physical attacks

    @Issam2204 from security point of view yes to disallow reverse shells. So my recommendation will go to allow only needed incoming/outgoing ports

    Thanked by 1Traffic
  • Ensure SELinux is active at all times.

  • DaTa said: @KwiceroLTD actually Pull the power cable is the most secure, don't forget physical attacks

    Pull the power, all the chips, then open the machine and physically incinerate every inch, drop it in a box at the bottom of the ocean and let the sharks eat it.

  • erkin Member

    @Issam2204, certainly it will work. But be sure to open necessary ports otherwise expected services won't run.

    Thanked by 1Issam2204
  • cassa Member

    @KwiceroLTD said:
    Idea to improve security:

    • Pull the Ethernet cable.

    • Pull the wireless card.

    • "Secure"

    And if that doesn't help, try turning it off

  • @cassa said:
    And if that doesn't help, try turning it off

    Thanked by 1cassa
  • raindog308 Administrator, Veteran

    Issam2204 said: As the title says, does it make any sense? Will it improve security?

    As part of a large security policy, sure.

    Most books on securing systems have "turn off anything you don't need" in chapter 1. Applying that wisdom to ports also makes sense.

    I personally have witnessed various Linux distros install a package (say, samba) as a dependency and then automatically start the service...Deb 5 or 6 did this in some cases as I recall. Without a firewall, you could find yourself serving unwanted services to the Internet.

    Thanked by 1Issam2204
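
Added example, not part of any post in this thread: a Python check that reads `ss -tanH` output and reports listeners outside an inbound allowlist (the auto-started samba case raindog308 describes) and established outbound connections to ports outside an egress allowlist (the flows an allow-only outgoing policy, as DaTa recommends, would block). The allowlists, function names and sample output are constructed assumptions.

```python
"""Audit `ss -tanH` output against an intended allow-only firewall policy."""

ALLOWED_INBOUND = {22, 80, 443}   # assumption: services this host should expose
ALLOWED_OUTBOUND = {53, 80, 443}  # assumption: egress this host legitimately needs

# Constructed sample of `ss -tanH` output (documentation-range addresses only).
SAMPLE = """\
LISTEN 0 128      0.0.0.0:22          0.0.0.0:*
LISTEN 0 128         [::]:22             [::]:*
LISTEN 0 50       0.0.0.0:445         0.0.0.0:*
LISTEN 0 100    127.0.0.1:25          0.0.0.0:*
ESTAB  0 0   203.0.113.10:22     198.51.100.7:51514
ESTAB  0 0   203.0.113.10:51820    192.0.2.80:443
ESTAB  0 0   203.0.113.10:40112    192.0.2.55:4444
"""


def split_addr(field):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port)."""
    addr, _, port = field.rpartition(":")
    return addr, port


def is_loopback(addr):
    return addr.startswith("127.") or addr == "[::1]"


def audit(ss_output, allowed_in=ALLOWED_INBOUND, allowed_out=ALLOWED_OUTBOUND):
    """Return (kind, detail) findings that the allowlists do not cover."""
    rows = [r for r in (line.split() for line in ss_output.splitlines()) if len(r) >= 5]
    listening = [split_addr(r[3]) for r in rows if r[0] == "LISTEN"]
    all_ports = {int(port) for _, port in listening}
    # A loopback-only listener is not reachable from the network, so skip it.
    exposed = {int(port) for addr, port in listening if not is_loopback(addr)}
    findings = [("unexpected-listener", p) for p in sorted(exposed - allowed_in)]
    for r in rows:
        if r[0] != "ESTAB":
            continue
        local_port = int(split_addr(r[3])[1])
        peer_addr, peer_port = split_addr(r[4])
        if local_port in all_ports or is_loopback(peer_addr):
            continue  # inbound session to our own listener, or local-only traffic
        if int(peer_port) not in allowed_out:
            findings.append(("unexpected-egress", f"{peer_addr}:{peer_port}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(kind, detail)
```

Running this against real `ss -tanH` output before switching to a default-deny policy shows which existing flows the new rules would cut off and which ones nobody expected to be there.
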
  • Mark_R Member

    @Issam2204

    something you might wanna consider using is https://www.duosecurity.com

    with this you know that the authorization part of your server is 100% covered for sure. I'm using this on windows server 2012 R2 without any problems, linux is supported too I think (never tested it on that.)

  • joepie91 Member, Patron Provider

    Mark_R said: something you might wanna consider using is https://www.duosecurity.com

    with this you know that the authorization part of your server is 100% covered for sure.

    You don't. It's not auditable.

  • Mark_R Member
    edited June 2015

    @joepie91 said:
    You don't. It's not auditable.

    you mean not open-source? so what? this is just like the windows vs linux argument, you linux fanboys say that windows/microsoft isn't trustworthy because it is not opensource but at the same time I don't see you guys reading through all source codes of the linux OS before using it, companies like duosecurity and microsoft have much more to lose than any opensource devs - the reputation of their company + income is at stake. did you ever think about that?

  • mikho Member, Host Rep

    The hosted customers me and my colleagues manage always have the hardware firewall to deny all traffic and only open the ports needed.

    Thanked by 1Issam2204
  • joepie91 Member, Patron Provider
    edited June 2015

    @Mark_R said:
    you mean not open-source? so what? this is just like the windows vs linux argument, you linux fanboys say that windows/microsoft isn't trustworthy because it is not opensource but at the same time I don't see you guys reading through all source codes of the linux OS before using it, companies like duosecurity and microsoft have much more to lose than any opensource devs - the reputation of their company + income is at stake. did you ever think about that?

    If you do not have the ability to audit something if you were so inclined, it cannot be considered secure. Presenting this as '100% covered' is dangerously misleading, at best.

    This has all been well-understood and well-documented in infosecurity circles for the past few decades, and I'm really not even going to bother with this discussion anymore, especially since I believe we've had this discussion before.

    This has fuck-all to do with open-source, by the way. Open-source has to do with license for modification and distribution. This is purely about auditability of the source.

    EDIT: And seriously, stop making any kind of '100%' claim relating to security, especially if you are not a professional working in the field. It's highly irresponsible, and I'm tired of it.

  • Mark_R Member
    edited June 2015

    @joepie91 said:
    If you do not have the ability to audit something if you were so inclined, it cannot be considered secure.

    It can be considered secure if a big company's reputation + income is depending on it.

    @joepie91 said:
    Presenting this as '100% covered' is dangerously misleading, at best.

    Alright, I gotta admit I shouldn't have used these words, but please understand that English is not my primary language, mistakes like this are bound to happen.

    @joepie91 said:
    This has all been well-understood and well-documented in infosecurity circles for the past few decades, and I'm really not even going to bother with this discussion anymore

    In that case you might as well could've not reply and move on, it would equal to the same.

    @joepie91 said:
    This has fuck-all to do with open-source, by the way. Open-source has to do with license for modification and distribution. This is purely about auditability of the source.

    I've used google translate on the word 'auditable' it sounds like you previously were referring to open-source to me.

  • joepie91 Member, Patron Provider

    It can be considered secure if a big company's reputation + income is depending on it.

    No, it cannot. If it is not technically-provable secure, it isn't secure. No exceptions.

    There are simply too many environmental factors in play (incompetence, malicious actors within the company, malicious actors outside the company such as intelligence agencies, ...) to accept anything less than that as proof.

    In that case you might as well could've not reply and move on, it would equal to the same.

    No, because your advice/claims are dangerous if taken at face value, which is likely to occur if not contradicted.

    I've used google translate on the word 'auditable' it sounds like you previously were referring to open-source to me.

    Auditable means it is possible to audit the software/hardware/etc., ie. look at it, inspect it, (reliably) understand its inner workings, confirm with certainty that it behaves as it should. In the case of software, that requires being able to look at the source code and being able to build it from that source code. Distribution/modification permission is unrelated to that.

  • Mark_R Member

    @Mark_R said:
    It can be considered secure if a big company's reputation + income is depending on it.

    @joepie91 said:
    No, it cannot. If it is not technically-provable secure, it isn't secure. No exceptions.

    There are simply too many environmental factors in play (incompetence, malicious actors within the company, malicious actors outside the company such as intelligence agencies, ...) to accept anything less than that as proof.

    The problems you mentioned are a problem in open-source based software too, but again, those individual opensource devs have nothing to lose compared to big companies like Microsoft, Microsoft has to keep up their reputation and money income, opensource devs do not have this task because they can commit anytime they want without representing any company brand.

    @joepie91 said:
    No, because your advice/claims are dangerous if taken at face value, which is likely to occur if not contradicted.

    I like it when I'm being called out, it helps me improve in certain areas, in this case you definitely taught me on my word usage, I do appreciate that, I'm always open for realistic improvements.

    @joepie91 said:
    Auditable means it is possible to audit the software/hardware/etc., ie. look at it, inspect it, (reliably) understand its inner workings, confirm with certainty that it behaves as it should. In the case of software, that requires being able to look at the source code and being able to build it from that source code. Distribution/modification permission is unrelated to that.

    Yeah, that definitely sounds like opensource to me. it comes down to the same thing. I'm glad that I did understand you correctly the first time, thank you for confirming this.

  • joepie91 Member, Patron Provider
    edited June 2015

    Mark_R said: The problems you mentioned are a problem in open-source based software too

    No, they're not. Because you can audit the code if you distrust any factors.

    Mark_R said: those individual opensource devs have nothing to lose compared to big companies like Microsoft, Microsoft has to keep up their reputation and money income, opensource devs do not have this task because they can commit anytime they want without representing any company brand.

    This is not only false (it's far too generalizing a statement), it's also completely irrelevant when talking about security. You cannot build your security on assumptions, and the interests/risks that you believe a company has are exactly that - assumptions.

    Mark_R said: I like it when I'm being called out, it helps me improve in certain areas, in this case you definitely taught me on my word usage, I do appreciate that, I'm always open for realistic improvements.

    Happy about that :)

    Mark_R said: Yeah, that definitely sounds like opensource to me. it comes down to the same thing. I'm glad that I did understand you correctly the first time, thank you for confirming this.

    It's not, as I already said. Key points of "open-source" are being allowed to modify and redistribute, as explained in the OSD. Those are irrelevant factors here. This is purely about the ability to audit the code and produce a known-secure build, which are security concerns, and not licensing concerns like what open-source is about.

    Open-source and auditability have nothing to do with each other, other than that auditability is a coincidental side-effect of something being open-source.
