A Note about Security in general
A firewall cannot guarantee 100% security: a bug in the underlying software, a mistake in the configuration or even a hardware problem can be the "open door" for the bad guys.
It is also a common mistake to believe that a firewall alone is enough to provide security. If you want a really high level of security you need a complete "security concept" that defines the basic rules for your network environment: which software is used, how security updates are installed on the running software, good documentation of how the security level is enforced in your network, and so on.
Here is an example of what I mean by that.
Imagine you are running a public web server. To make it reachable from the world you have to open TCP port 80 for incoming connections, and by opening this port your computer is reachable from the Internet. You, as the admin, implemented a really bombproof firewall configuration and feel safe because your firewall protects you. But then a security hole in the web server application is found and published on the Internet. If you did not install the security update, because you forgot or because it is not available yet, an attacker may be able to use this security hole (in the web server, not in the firewall) to get access to your network. The firewall cannot do anything about it, because you allowed people to connect to your server: the exploit arrives on the same port, inside the same kind of connection, as a legitimate request, and a packet filter only looks at addresses, protocols and ports, not at what the request contains.
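To make this concrete, here is an added example (not code from the original page) of a minimal first-match packet filter modelled on an iptables INPUT chain. The Rule and Packet classes, the rule set and the three sample requests are illustrative assumptions. The filter decides on protocol and destination port only, so the hostile request to port 80 is accepted exactly like the harmless one, while a probe to port 22 is dropped by the chain policy.

```python
"""Minimal first-match packet filter modelled on an iptables INPUT chain.

Added example, not code from the original page: the Rule/Packet classes,
the rule set and the sample traffic are illustrative assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                    # "ACCEPT" or "DROP"
    proto: Optional[str] = None    # None matches any protocol
    dport: Optional[int] = None    # None matches any destination port


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: int
    payload: bytes = b""           # never consulted by the filter


def filter_packet(rules: List[Rule], packet: Packet, policy: str = "DROP") -> str:
    """First matching rule wins, as in an iptables chain; the chain policy
    applies when no rule matches. Only header fields are examined."""
    for rule in rules:
        if rule.proto is not None and rule.proto != packet.proto:
            continue
        if rule.dport is not None and rule.dport != packet.dport:
            continue
        return rule.action
    return policy


# The page's scenario: only TCP port 80 is open, the chain policy is DROP.
WEB_SERVER_RULES = [Rule("ACCEPT", proto="tcp", dport=80)]

# Constructed sample traffic. The hostile request carries an overlong URI
# of the kind that triggers a bug in a vulnerable web server.
NORMAL_REQUEST = Packet("198.51.100.7", "tcp", 80,
                        b"GET /index.html HTTP/1.0\r\n\r\n")
HOSTILE_REQUEST = Packet("203.0.113.9", "tcp", 80,
                         b"GET /" + b"A" * 4096 + b" HTTP/1.0\r\n\r\n")
SSH_PROBE = Packet("203.0.113.9", "tcp", 22)


def classify(packets: List[Packet]) -> List[tuple]:
    """Verdict per packet: (source, destination port, ACCEPT/DROP)."""
    return [(p.src, p.dport, filter_packet(WEB_SERVER_RULES, p)) for p in packets]


if __name__ == "__main__":
    for verdict in classify([NORMAL_REQUEST, HOSTILE_REQUEST, SSH_PROBE]):
        print(verdict)
```

Running the script prints ACCEPT for both port-80 requests and DROP for the SSH probe. The payload never enters the decision, which is why only an updated web server, not a tighter rule, closes this particular hole.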
I hope this example makes it a little clearer what is meant by a security concept. To prevent such cases there are some basic rules to follow.
Install updates for the software you are running.
Have a look at some security-oriented websites to stay informed about what is going on out there.
Think about creating a security concept for your network.
Never ever trust your configuration blindly!
Watch your log files for strange activity.
Keep an eye on the legitimate users in your network. A lot of networks have been hacked because users did not follow the security concept: they installed disallowed software, or connected to the Internet via a modem or WLAN so that the firewall simply could not see those connections, or the software they installed was a virus or contained a hidden backdoor into the system.
Read books and any other documentation about this topic you can find.
Always remember that there is no safe host. Except one that is offline...
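As an added example for the rule about watching your log files (not code from the original page), here is a small analyser for the lines the kernel writes when an iptables rule with the LOG target fires. It assumes the DROP rules were given `--log-prefix "IPT-DROP: "` and that the web server is 192.0.2.10; the log lines in it are constructed. It flags a source that probes many closed ports, and any outbound connection attempt by the server itself, something a machine that only answers requests should never do and exactly what a web server compromised through the open port 80 would do next.

```python
"""Scan iptables LOG output for strange activity.

Added example, not code from the original page. Assumes DROP rules were
logged with --log-prefix "IPT-DROP: "; the sample log is constructed.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample: one host walking through closed ports, one harmless
# stray hit on 443, and one outbound attempt *from* the web server.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=44 TTL=54 ID=1 PROTO=TCP SPT=40001 DPT=21 SYN URGP=0
Mar  3 10:15:01 gw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=44 TTL=54 ID=2 PROTO=TCP SPT=40002 DPT=22 SYN URGP=0
Mar  3 10:15:01 gw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=44 TTL=54 ID=3 PROTO=TCP SPT=40003 DPT=23 SYN URGP=0
Mar  3 10:15:02 gw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=44 TTL=54 ID=4 PROTO=TCP SPT=40004 DPT=25 SYN URGP=0
Mar  3 10:15:02 gw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=44 TTL=54 ID=5 PROTO=TCP SPT=40005 DPT=110 SYN URGP=0
Mar  3 10:15:02 gw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=44 TTL=54 ID=6 PROTO=TCP SPT=40006 DPT=143 SYN URGP=0
Mar  3 10:16:40 gw kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=44 TTL=60 ID=7 PROTO=TCP SPT=51234 DPT=443 SYN URGP=0
Mar  3 10:17:05 gw kernel: IPT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=60 TTL=64 ID=8 PROTO=TCP SPT=47110 DPT=4444 SYN URGP=0
"""

LOG_PREFIX = "IPT-DROP:"
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=VALUE pairs; bare flags like SYN are skipped


def parse_log_line(line: str) -> Optional[Dict[str, str]]:
    """Return the KEY=VALUE fields after the log prefix, or None for other lines."""
    if LOG_PREFIX not in line:
        return None
    return dict(FIELD_RE.findall(line.split(LOG_PREFIX, 1)[1]))


def find_port_scans(records: List[Dict[str, str]], min_ports: int = 5) -> Dict[str, List[int]]:
    """Sources whose dropped inbound packets touched at least min_ports distinct ports."""
    ports = defaultdict(set)
    for r in records:
        if r.get("IN") and r.get("DPT"):          # inbound only (IN is empty for OUTPUT drops)
            ports[r["SRC"]].add(int(r["DPT"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def find_outbound_attempts(records: List[Dict[str, str]], server_ip: str) -> List[Tuple[str, int]]:
    """Drops in the OUTPUT direction originating from the server itself."""
    return [(r["DST"], int(r["DPT"])) for r in records
            if r.get("OUT") and r.get("SRC") == server_ip and r.get("DPT")]


def analyse(log_text: str, server_ip: str) -> Dict[str, object]:
    records = [f for f in map(parse_log_line, log_text.splitlines()) if f]
    return {"scans": find_port_scans(records),
            "outbound": find_outbound_attempts(records, server_ip)}


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG, "192.0.2.10")
    for src, ports in report["scans"].items():
        print(f"port scan from {src}: ports {ports}")
    for dst, port in report["outbound"]:
        print(f"server tried to connect out to {dst}:{port}")
```

On a real system feed it the kernel log, for example `analyse(open("/var/log/kern.log").read(), "192.0.2.10")`; real lines carry extra fields such as MAC= and TOS=, which the regex simply collects along with the rest. The scan threshold is a starting point to tune against your own traffic, but an outbound attempt from a server that should only answer requests deserves a look every single time.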