[clug] Are outgoing firewalls of any use?

Robert Edwards bob at cs.anu.edu.au
Wed Jul 1 01:05:29 GMT 2009


Francis Markham wrote:
> A quick question to the CLUG hivemind:
> 
> Is there any point in having desktop outgoing firewalls?  They are
> commonplace on Windows, but are generally considered unnecessary for
> desktop Linux.
> 
> I can think of two use-cases:
> 
>    - Block proprietary software from phoning home (see, for example,
>    http://lwn.net/Articles/129729/ ).  The correct answer is probably "don't
>    use proprietary software" but that is not always a possibility.
>    - Provide Windows users with familiar security theater (not really useful
>    I guess)
> 
> Any thoughts on this?
> 
> Cheers,
> 
> Francis

Outgoing firewalls are really only of use for preventing malware from
doing basic outgoing stuff. If your machine(s) aren't subject to malware
then outgoing firewalls really only get in the way.

Clever malware can/will tunnel through whatever ports are open.
Most likely, that will include tcp port 80 (http), otherwise the web
disappears. If tcp port 80 is allowed out, then vaguely sophisticated
malware can get out in any case.

Large organisations (like universities) will also block all sorts of
outgoing ports to a) control traffic charges and b) preserve their
standing in the wider internet by not allowing internal malusers to
attack other internet sites etc.

Logging (but not necessarily blocking) is another option for tracking
software that is trying to phone home.

Cheers,

Bob Edwards.
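
The logging option mentioned above, as an added example that is not part of the original post: a Python summarizer for netfilter LOG lines, assuming a rule such as `iptables -A OUTPUT -m state --state NEW -j LOG --log-prefix "OUT-NEW: " --log-uid` is already in place. The log prefix, host name, addresses and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of kernel log lines in the format the netfilter LOG
# target writes with --log-uid. Addresses are from documentation ranges.
SAMPLE_LOG = """\
Jul  1 01:00:01 desk kernel: OUT-NEW: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 UID=1000 GID=1000
Jul  1 01:00:09 desk kernel: OUT-NEW: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4250 DF PROTO=TCP SPT=51236 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 UID=1000 GID=1000
Jul  1 01:02:30 desk kernel: OUT-NEW: IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4301 DF PROTO=TCP SPT=51240 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 UID=1000 GID=1000
Jul  1 01:02:31 desk kernel: OUT-NEW: IN= OUT=eth0 SRC=192.168.1.10 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4302 DF PROTO=UDP SPT=40000 DPT=53 LEN=40 UID=0 GID=0
Jul  1 01:03:00 desk kernel: usb 1-1: new high-speed USB device number 4
"""

PREFIX = "OUT-NEW: "                 # assumed --log-prefix value
FIELD = re.compile(r"(\w+)=(\S*)")   # KEY=VALUE pairs; bare flags (DF, SYN) are skipped

def parse_line(line):
    """Return the KEY=VALUE fields of one LOG line, or None if it is not ours."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    return dict(FIELD.findall(rest))

def summarize(log_text):
    """Count new outgoing connections per (uid, proto, dst, dport)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not fields or "DST" not in fields:
            continue
        # UID is absent for packets with no owning socket; DPT is absent for ICMP.
        key = (fields.get("UID", "?"), fields.get("PROTO", "?"),
               fields["DST"], fields.get("DPT", "-"))
        counts[key] += 1
    return counts

def unexpected(counts, expected_dsts):
    """Logged flows whose destination is not on the expected list."""
    return sorted(k for k in counts if k[2] not in expected_dsts)

if __name__ == "__main__":
    for (uid, proto, dst, dport), n in summarize(SAMPLE_LOG).most_common():
        print(f"uid={uid} {proto} {dst}:{dport} x{n}")
```

Because the third sample flow leaves on tcp port 80, a port-based outgoing block would not have stopped it; grouping by UID and destination is what makes it visible in the log.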

