Firewall Management
Focusing on security
I stated in the first paragraph that firewalls are a single part of an overall security strategy and not a panacea. You have just configured a firewall exception to allow remote access to port 80 for the Apache web server. Doing so creates a vulnerability on the host system. For the moment, assume that you only allow ports 22 (SSH) and 80 (HTTP) on that server system. That’s two vulnerabilities. These are what security people call “acceptable risk.” You have to accept some risk when you allow network access to a system’s services.
The reason allowing access creates vulnerabilities is that you’re allowing computers on a network, and possibly the entire Internet, to access this system via port 80. What if the version of Apache you installed has an unpatched security flaw? Your system is exposed and vulnerable to that flaw until it’s patched. The firewall won’t protect the system because you have allowed access to that port. The door is open.
Is this a real problem? Yes, and no. It is a problem but the alternative is to have no services running on computers, which means you have no customers or employees connecting to those services. That’s not acceptable. There is some degree of risk that you have to accept to run a service. You have to practice due diligence and protect the system in other ways (encryption, application firewall, backups, and monitoring) and routinely patch the system.
Summary
You should have a host-based firewall running on every system on your network—no exceptions. A firewall, as stated previously, is not the perfect security tool, but it does help protect the system from attacks on other services that are not exposed. The same rules apply to network firewalls. This is why you must employ a multi-layered approach to security and not rely on any one technology or solution. Firewalld is installed and enabled by default on all Red Hat-based systems, which should put system administrators at ease that their systems are protected as soon as they’re placed online.
« Previous 1 2
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.
-
Fedora 41 Released with New Features
If you're a Fedora fan or just looking for a Linux distribution to help you migrate from Windows, Fedora 41 might be just the ticket.
-
AlmaLinux OS Kitten 10 Gives Power Users a Sneak Preview
If you're looking to kick the tires of AlmaLinux's upstream version, the developers have a purrfect solution.
-
Gnome 47.1 Released with a Few Fixes
The latest release of the Gnome desktop is all about fixing a few nagging issues and not about bringing new features into the mix.
-
System76 Unveils an Ampere-Powered Thelio Desktop
If you're looking for a new desktop system for developing autonomous driving and software-defined vehicle solutions. System76 has you covered.
-
VirtualBox 7.1.4 Includes Initial Support for Linux kernel 6.12
The latest version of VirtualBox has arrived and it not only adds initial support for kernel 6.12 but another feature that will make using the virtual machine tool much easier.
-
New Slimbook EVO with Raw AMD Ryzen Power
If you're looking for serious power in a 14" ultrabook that is powered by Linux, Slimbook has just the thing for you.
-
The Gnome Foundation Struggling to Stay Afloat
The foundation behind the Gnome desktop environment is having to go through some serious belt-tightening due to continued financial problems.
-
Thousands of Linux Servers Infected with Stealth Malware Since 2021
Perfctl is capable of remaining undetected, which makes it dangerous and hard to mitigate.
-
Halcyon Creates Anti-Ransomware Protection for Linux
As more Linux systems are targeted by ransomware, Halcyon is stepping up its protection.