|Ok, I hear that a lot - but why?
|Really, if everything is up to date (latest windows patches, same for
|linux) then why would I (or anyone) need a firewall?
|I've never really understood what they're for...
Several reasons. Here are a few:
1. You may not be able to patch a service in time when a hole is
discovered. Say you run Apache on the LAN. However for some reason or
other you didn't restrict the clients to your local network, or there's
an exploit that will work even with that restriction in place. Until
that service is patched, you are vulnerable, even if you intended the
service for the LAN. Another hole being exploited now is the MSSQL hole
at port 1433. Not to forget the IIS HTTP hole. With a firewall, you
improve the chances and gain a bit of time (which can be a lot of time
if your vendor, not necessarily a Linux vendor, is not forthcoming with
fixes) provided you don't port-forward the service from the outside.
2. You test services but sometimes misconfigure them, leaving them
exposed. A firewall cuts you a bit of slack.
3. With a firewall you prevent noisy services from leaking information
to the outside. I sometimes see NetBIOS over IP broadcast packets on my
ISP's cable because some silly * has connected their cable modem to
their hub directly.
4. You can reduce the effectiveness of viruses that call home by
allowing clients to connect only to known services.
5. A firewall/gateway allows you to keep a bunch of clients connected to
the Internet even if your main server goes down.
6. If you are running a shared site, you can control what other machines
offer to the Internet with a firewall. E.g. you probably don't want
schoolkids to run P2P servers on school desktops. You can measure and
shape the traffic to clients.
|Same question.. Is it really that bad? If I've got the latest patches
|installed, then there's really nothing anyone can do, except try to
|guess my password, correct?
Wrong: many exploits don't depend on passwords being cracked but on bugs
in the code.
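As an added illustration (not code from anyone in this thread), here is a small model of the gateway policy the reply argues for: default deny inbound unless a port is explicitly forwarded, no NetBIOS leaking out, and clients allowed to reach only known outbound services. The LAN range, server address, port sets and sample packets are all assumed values chosen for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed topology for the example: a home/school LAN behind one gateway.
LAN = ip_network("192.168.1.0/24")
SERVER = ip_address("192.168.1.10")   # LAN-only Apache/MSSQL box (assumed)
FORWARDED = set()                     # ports deliberately exposed; none here
NETBIOS = {137, 138, 139}             # NetBIOS-over-IP noise (reason 3)
EGRESS_OK = {53, 80, 443}             # known outbound services (reason 4)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def decide(p: Packet) -> tuple[str, str]:
    """First-match filter for traffic crossing the gateway; default deny."""
    src, dst = ip_address(p.src), ip_address(p.dst)
    inbound = src not in LAN and dst in LAN
    outbound = src in LAN and dst not in LAN
    rules = [
        # Reason 1: an unpatched LAN service is reachable from outside only
        # if someone chose to port-forward it; 80 and 1433 are not forwarded.
        (inbound and p.dport in FORWARDED, "accept", "explicitly forwarded"),
        (inbound, "drop", "inbound to unforwarded port"),
        # Reason 3: never let NetBIOS broadcasts reach the ISP's cable.
        (outbound and p.dport in NETBIOS, "drop", "NetBIOS leak"),
        # Reason 4: clients may only talk to known services outward.
        (outbound and p.dport in EGRESS_OK, "accept", "known outbound service"),
    ]
    for matched, verdict, reason in rules:
        if matched:
            return verdict, reason
    return "drop", "default deny"


def audit(packets: list[Packet]) -> list[tuple[Packet, str, str]]:
    """Run a batch of constructed packets through the policy."""
    return [(p, *decide(p)) for p in packets]
```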