Re: firewall package for laptop wi-fi client
You should probably be running a plugin/extension that turns off flash
and javascript, and let you selectively enable for individual sites.
On firefox/iceweasel, these would be flashblock and noscript. I also
have adblock plus installed. With careful use, this will cull out most
of the malicious stuff.
As for needing a firewall, if you run as few network services as
possible, you really don't need a firewall, or at least minimal rules.
For instance, my laptop has the following ports:
PORT STATE SERVICE
22/tcp open ssh
5666/tcp open nrpe
8010/tcp open xmpp
If you are on a public wifi, you can turn off ssh server (the client
will still work) and nrpe (the Nagios client). On the other hand, if
you turn off password auth in ssh, you should be relatively safe
leaving ssh running. xmpp is the jabber client, and if you are not
using chat, then that should be turned off.
--b
On Mon, Jan 3, 2011 at 5:02 AM, Jari Fredriksson <jarif@iki.fi> wrote:
> On 3.1.2011 11:55, Russell L. Harris wrote:
>
>>
>>> The major threats are web browser security holes (update often)
>>> especially through flash and java plug-ins, and pdf.
>>
>> Flash and java are in most web pages. Does a firewall not protect
>> against these threats? or are browser updates necessary even with a
>> firewall?
>>
>
> Most web sites today do NOT have Java Applets. Javascript is NOT Java.
> Totally different concept, and that is very common, almost 100% of web
> sites do has Javascript.
>
> Firewall does not protect from Web Browser vulnerabilities, browser
> updates are must.
>
> --
>
> Tomorrow, this will be part of the unchangeable past but fortunately,
> it can still be changed today.
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 4D219ED2.60204@iki.fi">http://lists.debian.org/[🔎] 4D219ED2.60204@iki.fi
>
>
Reply to: