LinuxQuestions.org


Jason.nix 02-29-2024 11:21 AM

Hardware and software firewall
 
Hello,
In a web server, you have opened ports 80 and 443 through the hardware firewall and closed the rest of the ports. Do you need to do the same with the Linux firewall (iptables)?

Thank you.

jefro 02-29-2024 03:52 PM

I think so.

sundialsvcs 02-29-2024 07:25 PM

If you have a hardware firewall and you know that it is configured properly and always turned on, you don't need anything more.

jefro 02-29-2024 08:35 PM

I was thinking the OP was asking about his server. I'd assume it may have a firewall on by default?

frankbell 02-29-2024 08:55 PM

I would be guided by the old saying, "You can't be too careful."

In other words, I'd configure both hardware and software firewalls, just in case the hardware firewall got breached or malfunctioned in some way.

Just my two cents.

___ 02-29-2024 09:02 PM

I was going to say NO, until I Googled.
 
Quote:

Why both a hardware and software firewall?

The difference between hardware and software firewall is this: A hardware firewall protects you from the outside world, and a software firewall protects a specific device from other internal systems.

For example, if someone tries to access your systems from the outside, your physical firewall will block them. But if you accidentally click on a virus-laden email that’s already managed to get into your system, your software firewall on the other computers in your office network may stop it from infecting them.

@OP: Are there any other systems 'inside' your hwd fw???

lvm_ 03-01-2024 02:55 AM

Nowadays zero trust is the preferred approach. No matter how many firewalls are protecting your system, you must configure it as if it is facing the internet; anything else is considered slack and insecure. Hardware firewalls are getting owned all the time: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=cisco

Jason.nix 03-02-2024 01:17 AM

Quote:

Originally Posted by lvm_ (Post 6486813)
Nowadays zero trust is the preferred approach. No matter how many firewalls are protecting your system, you must configure it as if it is facing the internet; anything else is considered slack and insecure. Hardware firewalls are getting owned all the time: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=cisco

Hello,
Thank you so much for your reply.
How do you set up zero trust in Linux?

lvm_ 03-02-2024 04:10 AM

Zero trust is not a switch or a parameter - it is a philosophy; you must tighten up everything as far as it goes. https://en.wikipedia.org/wiki/Zero_trust_security_model

Jason.nix 03-02-2024 04:58 AM

Hello,
Thank you so much for all replies.
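
An added example, not written by any poster in this thread: a shell function that emits an `iptables-restore` ruleset mirroring the hardware firewall from the original question (inbound TCP 80 and 443 only), so the host still filters if the perimeter device fails. The function names `valid_port` and `emit_ruleset` are hypothetical, and the ruleset assumes IPv4 and no remote administration port, since the question says all other ports are closed.

```shell
#!/bin/sh
# Added example (not from the thread). Emits an IPv4 ruleset in
# iptables-restore format: default-drop inbound, listed TCP ports allowed.

# valid_port PORT -> status 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or contains a non-digit
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_ruleset PORT... -> prints the ruleset on stdout; returns 2 and
# prints nothing on stdout if no port is given or any port is invalid.
emit_ruleset() {
    [ "$#" -gt 0 ] || { echo "no ports given" >&2; return 2; }
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 2; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'        # anything not matched below is dropped
    echo ':FORWARD DROP [0:0]'      # a web server should not route traffic
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT' # local services talking over loopback
    # Replies to connections the server itself opened, plus related ICMP errors
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}
```

Check the output with `emit_ruleset 80 443 | iptables-restore --test` before loading it. IPv6 traffic is not covered by these rules and needs an equivalent ruleset loaded with `ip6tables-restore`.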


All times are GMT -5.