Configure Firewall on Servers

Advantages of firewall:

  1. You can filter outbound traffic.
  2. Layer 7 firewalls (IPS) can protect against known application vulnerabilities.
  3. You can block certain IP range and/or port centrally rather than trying to ensure that there is no service listening on that port on each individual machine or denying access using TCP/Wrappers.
  4. Firewalls can help if you have to deal with less security aware users/administrators as they would provide second line of defence. Without them one has to be absolutely sure that hosts are secure, which requires good security understanding from all administrators.
  5. Firewall logs would provide central logs and help in detecting vertical scans. Firewall logs can help in determing whether some user/client is trying to connect to same port of all your servers periodically. To do this without firewall one would have to combine logs from various servers/hosts to get centralized view.
  6. Firewalls also come with anti-spam / anti-virus modules which also add to protection.
  7. OS independent security. Based on host OS different techniques / methods are required to make host secure. For example TCP Wrappers may not be available on Windows machines.

Above all this if you do not have firewall and system is compromised then how would you detect it? Trying to run some command 'ps', 'netstat', etc. on local system cant be trusted as those binaries can be replaced. 'nmap' from remote system is not guaranteed protection as attacker can ensure that root-kit accepts connections only from selected source IP(s) at selected times.

Hardware firewalls help in such scenarios as it is extremely difficult to change firewall OS/files as compared to host OS/files.

Disadvantages of firewall:

  1. People feel that firewall will take care of security and do not update systems regularly and stop unwanted services.
  2. They cost. Sometimes yearly license fee needs to be paid. Especially if firewall has anti-virus and anti-spam modules.
  3. Additional single point of failure. If all traffic passes through firewall and firewall fails then network would stop. We can have redundant firewalls but then previous point on cost gets further amplified.
Back to Knowledgebase