Do I need a firewall for my desktop? [duplicate]
I don't have a router, but I mostly use my desktop for online shopping and torrenting. So, do I have to enable the firewall? I hope not, because I'm really dumb and I don't think I will be able to configure the firewall.
Well, if you say so, I would recommend you do not touch any firewall setting. But, hear me well: you will be exposed to all kinds of threats on the internet. If at some point the system starts acting weird, or your PC gets filled with spam/advertisements, software you never installed is there, you notice that your bank account is empty, don't get scared. And no, this is not FUD. Without any kind of layer of protection, your system (and you) will be vulnerable to all kinds of attacks from the internet.
If you don't know how to set up a firewall and have no router, I recommend you read:
- How can a non-geek set up a proper firewall?
- A commentary from Eliah Kagan about the dangers of not having NAT/Router and a PC at home
- Why is the firewall disabled by default?
In short: It's probably a good idea to run a firewall, but you might not need it if you take care not to run any servers.
The answer to this question depends. It depends on whether or not you are running server applications on your computer.
Let me explain: Often firewalls are configured to allow all outgoing traffic, but to limit incoming traffic to certain ports or certain source-IP addresses.
The reason to allow all outgoing traffic is that it's tedious to write a comprehensive whitelist of programs and destinations that are allowed to connect, and unless there is spyware on the computer, outgoing traffic is anyhow caused by the user directly, or by a legitimate program (for instance update-manager checking for updates). In other words: laziness. This is also the default setting of the firewall that comes with Windows.
The incoming traffic is limited in order to ensure that only certain computers can talk to certain server programs. A typical use case is a web server, where remote control access over SSH should only be allowed from computers in the same network, while the website should be visible from any computer. For this, the allowed source IP range for access to port 22, the SSH port, is set to the local network IP, while for port 80, the HTTP port, all incoming traffic is allowed.
This now leads to the following question: What if no server program is running on a computer and all outgoing traffic should be allowed, does it need a firewall? No, it doesn't. If there is no server listening for incoming connections, the connections will simply fail, no matter if there's a firewall or not.
So, are any servers running? On most GNU/Linux systems not by default. Nevertheless, if you enable printer or file sharing, there are, and if those servers have security issues or are configured insecurely, your system is vulnerable. An easy way to check for running servers is to use the netstat utility. In order to see which programs are listening for incoming connections, run sudo netstat -tulp. This will list all (p)rocesses (l)istening for incoming (t)cp and (u)dp connections. On a system that doesn't need a firewall, only programs listening to connections from localhost are in the list. Take my computer as an example:
root@hplj4:/home/andi# netstat -tulp
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:50189                 *:*                     LISTEN      1822/rpc.statd
tcp        0      0 *:sunrpc                *:*                     LISTEN      1780/rpcbind
tcp        0      0 *:ssh                   *:*                     LISTEN      3075/sshd
tcp        0      0 localhost:ipp           *:*                     LISTEN      2618/cupsd
tcp        0      0 localhost:smtp          *:*                     LISTEN      2856/exim4
tcp6       0      0 [::]:56398              [::]:*                  LISTEN      1822/rpc.statd
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN      1780/rpcbind
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      3075/sshd
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN      2618/cupsd
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN      2856/exim4
udp        0      0 *:44539                 *:*                                 2569/avahi-daemon:
udp        0      0 *:sunrpc                *:*                                 1780/rpcbind
udp        0      0 *:ipp                   *:*                                 2618/cupsd
udp        0      0 *:683                   *:*                                 1780/rpcbind
udp        0      0 localhost:726           *:*                                 1822/rpc.statd
udp        0      0 *:mdns                  *:*                                 2569/avahi-daemon:
udp        0      0 *:1900                  *:*                                 2978/minissdpd
udp        0      0 *:38900                 *:*                                 1822/rpc.statd
udp6       0      0 [::]:35567              [::]:*                              1822/rpc.statd
udp6       0      0 [::]:sunrpc             [::]:*                              1780/rpcbind
udp6       0      0 [::]:683                [::]:*                              1780/rpcbind
udp6       0      0 [::]:mdns               [::]:*                              2569/avahi-daemon:
udp6       0      0 [::]:54799              [::]:*                              2569/avahi-daemon:
As you can see, the printer daemon and the mail server are only listening to connections from localhost (if you add -n to the netstat command, you'll see that they only listen on the loopback interface 127.0.0.1), so they would be fine. The ssh server is set up intentionally to allow connections from anywhere (not too safe, but well, I need it like this). If it were only those services, a firewall would not be necessary. Since, however, the portmapper (rpcbind) and the UPNP-daemon (avahi-daemon) are listening to any incoming traffic, those either need to be reconfigured, disabled, or protected by a firewall, so that malicious connections from the internet do not get accepted.
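The check described in this answer, as an added example that is not part of either answer: it parses netstat -tulp output, separates listeners bound to localhost from those bound to the wildcard address, and turns the result into the ufw policy sketched earlier (deny incoming by default, allow outgoing, admit ssh only from the local network). The sample output is constructed after the listing above, and the LAN range 192.168.0.0/24 is an assumption.

```python
# Constructed sample of `netstat -tulp` output, modelled on the listing above
# (not captured from a real machine). Header and column layout mimic netstat.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 *:sunrpc        *:*              LISTEN  1780/rpcbind
tcp        0      0 *:ssh           *:*              LISTEN  3075/sshd
tcp        0      0 localhost:ipp   *:*              LISTEN  2618/cupsd
tcp6       0      0 [::]:ssh        [::]:*           LISTEN  3075/sshd
udp        0      0 *:mdns          *:*                      2569/avahi-daemon:
udp        0      0 localhost:726   *:*                      1822/rpc.statd
"""

# Addresses only local processes can reach; anything else is reachable from the network.
LOOPBACK = {"localhost", "127.0.0.1", "ip6-localhost", "[::1]"}


def parse_listeners(text):
    """Return [(proto, bind_address, port_or_service, program)] for each listener row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue  # skip the header and any blank line
        addr, _, port = f[3].rpartition(":")  # '*:ssh' -> ('*', 'ssh'); '[::]:ssh' -> ('[::]', 'ssh')
        program = f[-1].split("/", 1)[-1].rstrip(":")  # '2569/avahi-daemon:' -> 'avahi-daemon'
        rows.append((f[0], addr, port, program))
    return rows


def exposed_services(text):
    """Map program -> set of ports for listeners bound to a non-loopback address ('*' or '[::]')."""
    exposed = {}
    for _proto, addr, port, program in parse_listeners(text):
        if addr not in LOOPBACK:
            exposed.setdefault(program, set()).add(port)
    return exposed


def suggest_ufw_rules(exposed, lan="192.168.0.0/24"):
    """Build ufw commands for the policy from the answer: drop incoming by default, allow
    outgoing, admit ssh only from the LAN (assumed range); flag every other exposed service."""
    rules = ["ufw default deny incoming", "ufw default allow outgoing"]
    if "sshd" in exposed:
        rules.append(f"ufw allow from {lan} to any port 22 proto tcp")
    for program in sorted(p for p in exposed if p != "sshd"):
        ports = ", ".join(sorted(exposed[program]))
        rules.append(f"# {program} listens on {ports}: disable it or bind it to localhost")
    return rules


if __name__ == "__main__":
    for rule in suggest_ufw_rules(exposed_services(SAMPLE)):
        print(rule)
```

On a real machine, feed it the output of sudo netstat -tulp (or ss -tulp, whose columns parse the same way) instead of SAMPLE.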
I have found this article from the Ubuntu Wiki to be helpful!
https://help.ubuntu.com/community/DoINeedAFirewall
If you want/need a firewall you can install and use UFW.
There is also a graphical tool that you can use to configure it and it's very easy to use.
If you want to install ufw:
sudo apt-get install ufw
If you want the graphical interface, just install GUFW too:
sudo apt-get install gufw
If you need help using GUFW you can check this guide: https://help.ubuntu.com/community/Gufw