I didn't know about shorewall, so it's good that you recommended it.
I should have mentioned that I already use a router, built in to my ADSL modem, so as far as incoming connections go I have to explicitly set up those ports on my ADSL modem/router (so I will have to forward ports 80 etc. to my Debian machine).
I suppose shorewall will be useful for monitoring/blocking outgoing connections.
I'm not a security expect by any means, so I guess my concern is that by having Testing or Unstable installed, with lots of software not normally used on a server, and by having Apache and other services open to the net, that someone with malicious intent on the net could exploit a hole somewhere that I'm not aware of.
On Tue, 2006-01-31 at 20:03 +1100, Yasir Assam wrote: ...I know that for production servers only the Stable distribution is recommended and as little software as possible should be installed. But as a workstation, I'd like to install Unstable and a lot more software on it than I would on a pure server (e.g. Gnome/KDE, GIMP and loads of other stuff that I like to play around with). What should I do? Is it possible to run Unstable in a secure fashion? I know the security team focuses on releasing security updates to Stable first, but doesn't Unstable get the updates soon after?unstable is most likely to get the updates first, if the same version is being used, because the security team will then need to check the changes. If it is a different version the security updates may be irrelevant and you will depend on having problems promptly fixed by the package maintainers. As a compromise, you could install testing, which will be some way behind unstable, but somewhat less likely to contain serious problems. For security of your internet connection, install a firewall such as shorewall (Debian package) and configure it very restrictively. Oliver Elphick