[SOLVED] Hardware and software firewall

Jason.nix · 02-29-2024, 11:21 AM

Hello,
In a web server, you have opened ports 80 and 443 through the hardware firewall and closed the rest of the ports. Do you need to do the same with the Linux firewall (iptables)?

Thank you.

jefro · 02-29-2024, 03:52 PM

I think so.

sundialsvcs · 02-29-2024, 07:25 PM

If you have a hardware firewall and you know that it is configured properly and always turned on, you don't need anything more.

jefro · 02-29-2024, 08:35 PM

I was thinking the OP was asking about his server. I'd assume it may have firewall on by default?

frankbell · 02-29-2024, 08:55 PM

I would be guided by the old saying, "You can't be too careful."

In other words, I'd configure both hardware and software firewalls, just in case the hardware firewall got breached or malfunctioned in some way.

Just my two cents.

___ · 02-29-2024, 09:02 PM

Quote:

Why both a hardware and software firewall?

The difference between hardware and software firewall is this: A hardware firewall protects you from the outside world, and a software firewall protects a specific device from other internal systems.

For example, if someone tries to access your systems from the outside, your physical firewall will block them. But if you accidentally click on a virus-laden email that’s already managed to get into your system, your software firewall on the other computers in your office network may stop it from infecting them.

@OP: Are there any other systems 'inside' your hwd fw???

lvm_ · 03-01-2024, 02:55 AM

Nowadays zero trust is the preferred approach. No matter how many firewalls are protecting your system you must configure it as if it is facing the internet, anything else in considered slack and insecure. Hardware firewalls are getting owned all the time https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=cisco

Jason.nix · 03-02-2024, 01:17 AM

Quote:

Originally Posted by lvm_

Nowadays zero trust is the preferred approach. No matter how many firewalls are protecting your system you must configure it as if it is facing the internet, anything else in considered slack and insecure. Hardware firewalls are getting owned all the time https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=cisco

Hello,
Thank you so much for your reply.
How do you set up zero trust in Linux?

lvm_ · 03-02-2024, 04:10 AM

Zero trust is not a switch or a parameter - it is a philosophy, you must tighten up everything as far as it goes. https://en.wikipedia.org/wiki/Zero_trust_security_model

Jason.nix · 03-02-2024, 04:58 AM

Hello,
Thank you so much for all replies.