What are the risks of NOT using a firewall (home computer)?

Since a password is required to be a superuser (to install and modify programs), what are the risks to not use a firewall under Ubuntu ? More particularly if I am using a NAT router ?


Solution 1:

It depends. Most people use a router between their desktop and the internet and by default there are no sigificant open ports, so in the vast majority of user cases a firewall adds very litte, if anything.

It can help if you inadvertantly install a server, such as VNC or SSH.

A better question is what do you want to use a firewall for ?

See:

https://wiki.ubuntu.com/SecurityTeam/FAQ#UFW

https://wiki.ubuntu.com/SecurityTeam/Policies#No_Open_Ports

https://help.ubuntu.com/community/UFW

If you want a graphical tool for your firewall, use gufw

enter image description here

Solution 2:

It sounds like the question is about a host-based firewall on an Ubuntu PC.

IF the machine never leaves the NAT-based network (ie, it is not a laptop that you take to coffee shops and use on free wifi networks),

AND there are no ports open on your router that could be mapped to your Ubuntu machine,

AND your router doesn't have any features which helpfully open ports for you based on things that happen on your network (UPnP)

AND you will never have any other devices on your local network that might be compromised and attack your Ubuntu box,

THEN your system is probably secure without a host-based firewall.

However, if some of these things aren't true, or might become untrue in the future, a host-based firewall is a really good idea. Given the potential benefits and the limited drawbacks, why not enable it?

Solution 3:

Using a NAT, if you have no port forwarding to your machine, it is not accessible from the internet unless you explicitly open a connection to it (with vnc or teamviewer for example) so I think there is no problem not using a firewall on it. The unique worry could come from internal (LAN) access but usually not the case on home lan.

Solution 4:

None whatsoever.

The function of a firewall is to block access to services that otherwise would allow it. Ubuntu has no listening services by default, so there is nothing to block. Further, since you are behind a NAT router, you already effectively have a firewall.

Solution 5:

I think one of the most used firewall feature is to prevent "cracked" programs to check the license on internet. If the "cracked" application doesn't need to be update or doesn't use "online" features, you can prevent it to accessing the internet by setting up a specific firewall rule. Sad but true.