Re: cups security summary



>>>>> "Dale" == Dale Southard <southard1@llnl.gov> writes:

Dale> If you've done step 1, step 2 is redundant protection.  There
Dale> shouldn't be anything listening on 631 anyplace except loopback.

Right, but step 2 has no negative effects (other than some extra time
needed to learn how to set up the firewall), and ensures that no one can
connect to port 631 even if you accidentally misconfigure something, or
something overwrites your configuration.

IMHO, pretty much every box should have its own firewall installed.  It
prevents various bad things from happening (trojans, misconfigured
daemons) and is an extra layer of protection "just in case".  You can
set it up to deny all packets except for
  - packets which are part of a connection that you established
    (e.g. HTTP replies)
  - whatever ports you want open to the public

-- 
Hubert Chan <hackerhue@geek.com> - http://www.geocities.com/hubertchan/
PGP/GnuPG key: 1024D/71FDA37F
Fingerprint: 6CC5 822D 2E55 494C 81DD  6F2C 6518 54DF 71FD A37F
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.
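
Added example, not part of the original message: a check for the condition discussed above, that nothing listens on port 631 except on loopback, useful for catching a misconfigured or overwritten configuration. It assumes Linux `ss -H -ltn` output; the function names and the sample lines are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 192.0.2.10:631 0.0.0.0:*
LISTEN 0 5 *:631 *:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""


def split_local(field):
    """Split an ss 'Local Address:Port' field into (address, port)."""
    addr, _, port = field.rpartition(":")
    # Drop an interface scope (%lo) first, then IPv6 brackets.
    addr = addr.split("%", 1)[0].strip("[]")
    return addr, int(port)


def is_loopback(addr):
    """True only for 127.0.0.0/8 and ::1; wildcards count as exposed."""
    if addr == "*":  # ss wildcard: bound on every interface
        return False
    return ipaddress.ip_address(addr).is_loopback


def exposed_listeners(ss_output, port=631):
    """Return local addresses listening on `port` that are not loopback."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, local_port = split_local(fields[3])
        if local_port == port and not is_loopback(addr):
            exposed.append(addr)
    return exposed


if __name__ == "__main__":
    import subprocess
    import sys
    out = subprocess.run(["ss", "-H", "-ltn"], capture_output=True, text=True).stdout
    bad = exposed_listeners(out)
    for addr in bad:
        print(f"port 631 is listening on non-loopback address {addr}")
    sys.exit(1 if bad else 0)
```

Run from cron or a monitoring agent, a non-zero exit status signals that the listener has drifted off loopback.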