Why Should I Use A Firewall With Puppy? Do You?

For discussions about security.
Post Reply
Message
Author
User avatar
Amgine
Posts: 231
Joined: Thu 22 Sep 2011, 01:27
Location: Washington State

Why Should I Use A Firewall With Puppy? Do You?

#1 Post by Amgine »

From what I read, a lot of Linux users feel secure enough not to run a firewall.

With puppy as soon as I enable an Internet connection it gives me an option to enable the firewall, "I do". Knowing that if running programs that have open ports, FTP, Messenger, Torrents, can leave open doors, but you allow that with the firewall anyway. (I really don't use any of them)

How much is the Firewall needed when using Puppy / Linux, should I be using it? Is it a must for using public Wifi, not needed if at home?

Dewbie

#2 Post by Dewbie »

In the mood for a debate?
Here's a 12-page thread about firewalls with Puppy:
http://www.murga-linux.com/puppy/viewto ... 14&t=66966
Last edited by Dewbie on Wed 11 Jan 2012, 08:40, edited 1 time in total.

User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#3 Post by Flash »

I don't use a firewall. I run Puppy Linux from a multisession DVD in a computer with no hard disk drive. Multisession Puppy loads from the DVD into RAM, including all the programs I've installed and all the settings I've changed, from sessions that were saved on the DVD. Usually I don't save a new session to the DVD when I shut down unless I've installed a new program that I liked or changed something I want to keep. If I've been messing around on the internet in places that might be dangerous, I simply shut off the power when I'm done, wiping everything from RAM. The next time I boot up, it's back to the way it was the last time I booted, before I did anything.

I feel that as long as I only save to the DVD if I've been reasonably careful on the internet for that session, there's little chance of contamination. If I do suspect I've picked something up, I can use the boot option that makes multisession Puppy not load into RAM the last n sessions that were saved on the DVD. (I haven't used it in so long I forget what that boot option is.)

postfs1

#4 Post by postfs1 »

Amgine wrote: ...Use A Firewall With Puppy? Do You?
I use firewall because i get a big list of blocked connections. (Some IPs are such a strange... Questions without answers: serious side wanna see an attractive women :? a funny cartoons :? a simple pictures :? a musical video :? Serious side already knows everything what i'm thinking about - serious side is able to name the name of the city what i see on the paper map without watching into my side...)

I use firewall because i have lost the "nvidia-driver.pet" file in the ordinary conditions which was on the file partition of USB flash drive.
Last edited by postfs1 on Tue 24 Jan 2012, 13:24, edited 5 times in total.

User avatar
Amgine
Posts: 231
Joined: Thu 22 Sep 2011, 01:27
Location: Washington State

#5 Post by Amgine »

Thank you for the replies, and the link.
I use firewall because i get a big list of blocked connections.
Where do I get the "Blocked Connection" report?

postfs1

#6 Post by postfs1 »

Amgine wrote: Where do I get the "Blocked Connection" report?
I know how i can get the report. :arrow:
:arrow: http://www.murga-linux.com/puppy/viewto ... 209#587209
:arrow: Theme: Security/Privacy
:arrow: Topic about the "Guarddog" program
:arrow: Topic about the "Firestarter" program
:arrow: Topic about the "Gufw" program
:arrow: Topic about the "FWBuilder" program

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#7 Post by Lobster »

There is no real need to run the firewall
as Puppy runs without servers and other daemons connected as many
Linux do (look at us we don't run as root - blah blah blah)

. . . for the first few years (two or three) most of us ran Puppy happily with no firewall
Now my router has a firewall - so again no need

. . . however the Puppy firewall is there
so I tend to run it. Does it switch anything off?

I also run from Ethernet but sadly but usefully my router has wifi
- which I must admit is used with the Wii and such like . . .

I would suggest the Pup ad blocker and flashblock in Puppy 5.3.1 is a far more functional and effective measure . . . 8)
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#8 Post by Flash »

Right, Lobster. I couldn't live without Flashblock. :)

User avatar
Amgine
Posts: 231
Joined: Thu 22 Sep 2011, 01:27
Location: Washington State

I have no need for a firewall 8)

#9 Post by Amgine »

Good point, I will check out Flashblock, Have you used NoScript or Ghostery? They do a good job of blocking those pesky Google trackers and others as well.

Do any of them really speed up surfing?

I usually run wifi. No ethernet close by.

User avatar
sickgut
Posts: 1156
Joined: Tue 23 Mar 2010, 19:11
Location: Tasmania, Australia in the mountains.
Contact:

#10 Post by sickgut »

you dont need a firewall with linux unless you have servers that are running with easily guessable passwords. If you can tell me one instance with Puppy where this is not true then i will send you one whole super sickgut fun dollar drawn on some monopoly money, redeemable at sickguts house for one slice of toast.

User avatar
Amgine
Posts: 231
Joined: Thu 22 Sep 2011, 01:27
Location: Washington State

#11 Post by Amgine »

sickgut wrote:you dont need a firewall with linux unless you have servers that are running with easily guessable passwords. If you can tell me one instance with Puppy where this is not true then i will send you one whole super sickgut fun dollar drawn on some monopoly money, redeemable at sickguts house for one slice of toast.
What do you think about Windows? Does it need one? I know it needs an anti virus, but I did something better and installed Linux :lol:. But there too I did not run one when I did. Just "Avast".

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#12 Post by Lobster »

What do you think about Windows?
:shock:

Is that a malware magnet on your CPU or are you
just pleased for everyone to see you . . . :oops:

Norton (once a good company) and similar scam artists sell you garbage
because you are ignorant. Windows costs lives.

Try Puppy School.
I will do a security tutorial soon . . .
http://puppylinux.org/wikka/PuppySchool
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

User avatar
jim3630
Posts: 791
Joined: Mon 14 Feb 2011, 02:21
Location: Northern Nevada

#13 Post by jim3630 »

Amgine

NoScript allows JavaScript, Java, Flash web sites of your choice only.

RequestPolicy blocks cross-site requests by webpages you visit.

these two block different potential attacks.

using these two gives me lighting fast browsing similar to text only based browsers like Dillo but with some graphic enrichment.

User avatar
Amgine
Posts: 231
Joined: Thu 22 Sep 2011, 01:27
Location: Washington State

#14 Post by Amgine »

Is that a malware magnet on your CPU or are you
just pleased for everyone to see you . . . Embarassed
What :shock: !!!! Shouldn't secure boot protect me against that :twisted: :lol: .
I will be looking forward to your tutorial.
Amgine

NoScript allows JavaScript, Java, Flash web sites of your choice only.

RequestPolicy blocks cross-site requests by webpages you visit.

these two block different potential attacks.

using these two gives me lighting fast browsing similar to text only based browsers like Dillo but with some graphic enrichment.
Thank you, I will download that.

Bruce B

Re: Why Should I Use A Firewall With Puppy? Do You?

#15 Post by Bruce B »

Amgine wrote: With puppy as soon as I enable an Internet connection it gives me an option to enable the firewall, "I do". Knowing that if running programs that have open ports, FTP, Messenger, Torrents, can leave open doors {cut}
The "doors" you refer to are of course ports. Data communication occurs on these ports. Data has only one of two directions to flow, (1) in and/or (2) out.

The port a connectivity application binds to is (for the most part with some possible exceptions) used exclusively by that application.

The application will usually use that port to send requests out, meaning to say in the outbound direction.

The requests it sends are to specific IP(s) and port(s). The inbound data, meaning the answers to these requests almost always arrive at ports other than the one they were sent from.

The answers to the requests are 'expected' and allowed in. Unexpected data or non requested data is not allowed in.

Summary at this point: Open ports are not to be construed or conceptualized as an entry/exit point where any data may simply enter in or exit at will. There would be tight programming constraints at each and every open port.

Just as importantly, what the data can do when it is allowed in and out of the ports?!

Changing subject

I found a software firewall which can be used on Windows machines. The name was Kerio Personal. It allowed specific control of inbound and outbound data, ports, applications, protocol and much more.

I have not seen a similar firewall available for our Linux machines. I have not found a Linux firewall worth using considering I already have NAT technology firewall built into my router.

I use the router to block all unsolicited inbound traffic except PORT 113 which I route to a non-existent computer on the local network.

Summary: It isn't that I feel 'safe' not using a Linux firewall, rather that I think it is unnecessary considering the router is already doing the job.

~

After reading this post, I thought I painted too safe a picture. Some of these connectivity applications can be hijacked or compromized allowing a remote computer to wreak havoc on your machine. Things are not necessarily safe and I don't think using a firewall even helps in these scenerios.

~

User avatar
Amgine
Posts: 231
Joined: Thu 22 Sep 2011, 01:27
Location: Washington State

#16 Post by Amgine »

Some of these connectivity applications can be hijacked or compromized allowing a remote computer to wreak havoc on your machine. Things are not necessarily safe and I don't think using a firewall even helps in these scenerios.
With this, is it just a matter of I am as safe as my security (WPA not WEP) and password?

Bruce B

#17 Post by Bruce B »

Amgine wrote:
Some of these connectivity applications can be hijacked or compromized allowing a remote computer to wreak havoc on your machine. Things are not necessarily safe and I don't think using a firewall even helps in these scenerios.
With this, is it just a matter of I am as safe as my security (WPA not WEP) and password?
I don't think any of the above provides protection.

More specifics.

Hiawatha, my HTTP server might be used as a service on the Internet. This might mean I have it set up so anyone can access and use its services. A vulnerability in Hiawatha could be exploited by anyone because my computer is serving everyone.

Firefox on the other hand is not server and not providing any services. If I simply have it open the same as I might have Hiawatha open, I am not at risk.

The risk factors with Firefox come into play when I start using it by communicating with other servers on the Internet. There is still not a danger unless I'm communiting with servers which have software designed to exploit Firefox vulnerabilities. (a bit simplistic on my part, but you get the general idea.

While using this forum, I'm making two types of HTTP requests. POST and GET. If all I did with Firefox was use it to send and receive data from this forum, I don't believe I would need any kind of security implemented. The reason why is I don't believe this server is exploiting any weaknesses on any Browsers, including Firefox.

Of course if my 'belief' about the benign nature of this forum is wrong, well, that is another story.

If you want to be safe from exploits on the Internet, choose and use your connectivity applications wisely.

The little editor Leafpad should be 100% safe to use. The reason why is not because it has a lot of security built into. The reason is because it has no connectivity built into it.



Sometimes things happen. The kind of problems I've had with computers and dangers listed below.

1) I broke a fingernail.

2) I bumped my elbow on the keyboard drawer and it hurt for a long time

3) I broke an open CD Drive tray with my knee.

4) I installed malware from a source I trusted and took revenge after I figured it out.

~

Post Reply