Default firewall in Ubuntu
Ubuntu, like all GNU / Linux systems, comes standard with a software firewall. However, this is not enabled by default after installation of the system. Ubuntu also includes many interfaces to manage this software firewall. This is a more or less complex stack for which the end user only really interacts with the last layers:
-The software firewall in Ubuntu is called Netfilter. Unlike some software firewalls that can be encountered under other operating systems, Netfilter acts directly at the Linux kernel level, which provides good security. Netfilter supports IPV6 as well as connection tracking.
-Iptables has been the default configuration interface for Netfilter since the Linux 2.6 kernel. Its use is nevertheless complex, operating only on the command line and requiring commands with very specific structures.
-Ubuntu therefore introduces a simpler configuration interface, Uncomplicated FireWall (UFW). This command line software offers less advanced options than Iptables, but is suitable for simple and general configurations of a software firewall.
-UFW can also be controlled by a graphical interface, Graphical UFW (GUFW) (or ufw-kde for kubuntu). This must be installed separately.
Linux firewall:
From the user's point of view: Linux does not need a standard firewall because the standard ports are not opened without the user's consent (example: if you install an SSH server, port 22 is open. If you don't install it, it remains. In) Windows is difficult to achieve this level of security.) Linux distributions (such as Ubuntu, etc.) do not start services that listen for incoming requests.
When Windows is installed, many programs for communication, administration, monitoring, reconnection, etc. are installed. All this nonsense listens to incoming requests all the time. Users don't know (and shouldn't know) which ports are open in the Windows box. You don't have this problem on Ubuntu and on a Linux distribution in general.
Worst of all, Windows gives clients accessing these services great control. So there are two problems: a) There are too many unknown open ports waiting for incoming messages. B) These listeners have the "power" to change anything on a Windows device.
You need a firewall if you don't check open ports. This is the usual mode in Windows. Linux allows you to install a firewall, but it is not necessary unless you have no control over what is happening on that computer or you have special requirements.
The program contains bugs and hackers can use it to gain access to your device. In this sense, open source code means that more eyes can read this code and find more errors and correct them faster than disabling the source code in Windows. This is the main reason why Linux is more secure than Windows.
If you have valuable data on your device, then you should seriously consider the Linux (or Apple) box.
A firewall is always a good thing, but whether or not it is necessary is a problem.
The basic principle is that two communication devices on the network must listen and send requests. It is necessary to follow certain communication protocols to understand each other. You know ... TCP, IP, UDP, SMTP ... something like that. Rules of communication. One of those rules is that there must be a communication port. For example, 80 for websites, 443 for SSL-encrypted websites, 21 for FTP connections, and so on.
If nothing is listening now, there is silence and there is no communication.
What does a firewall do? A firewall creates rules for ports and applications. Where the connection is allowed and which applications can connect or not. The firewall always intercepts network traffic, checks if this type of connection is allowed, and acts accordingly.
Why do we need firewalls?
Extra security in case you lose control. For example, there is this application, which should only offer the possibility to use it for remote maintenance and thus open a single port. What most users don't know is that it also opens a web server to a different port without most users knowing. This is where the need for a firewall arises. Because it is a security risk! By the way, the application is available on Windows and Linux.
Whether you need a firewall on Windows or Linux depends on several factors. But there is no single answer. It is an individual goal.
But ... there are some basic reasons why the need for a firewall in Windows is greater than the need for Linux. The main reasons lie in the basic security measures.
In Linux, for example, normal users cannot change the system and install running programs at will. On Linux, many of these things require administrator rights. Windows doesn't care much about these things. Opening a port and making Swiss cheese for safety is not as difficult on Windows as it is on Linux. Unix / Linux systems are also more likely to be used by professionals and enthusiasts who generally have a little more experience and knowledge in their repertoire.
However, it might be a good idea to use one anyway, or at least remove open ports from time to time and make sure everything is fine.
Why doesn't Linux need a firewall by default
If you are using Linux on your home computer, you probably don't need a firewall. Your computer is insulated enough and unlikely to be a rich target on your home LAN. It's very difficult for a pirate to break a nut, and the rewards are unlikely. It's always a good idea to set up a firewall as part of your home computer's security measures.
If you are running a WAN in a corporate environment, consider turning on a firewall. Corporations are a rich target for industrial espionage. Your Linux machine could become a good indoor hacking hub if left unprotected.
If your Linux computer operates on the open internet (for example, a web server), it is important to have a firewall turned on and reduce Internet access services to the minimum required.
Fortunately, Linux distributions provide excellent firewalls. Often times, firewalls are already configured to run and you just need to access and enable them using the GUI configuration application.
Posts
0 Comments