Re: How insecure are cable connections, versus dialup?
Paul Johnson wrote:
> On Sat, Dec 07, 2002 at 09:20:08PM +0100, Frank Gevaerts wrote:
> > What I would do (I don't since I have a dedicated firewall machine) is :
> > - close all unneeded services
>
> Better yet, not just close, purge them.
Yes, absolutely. If you have no need for any piece of software, why not
just get rid of it entirely?
> > - install a firewall that just drops any incoming connection from your
> > cable-connected ethernet interface.
>
> The security gained with this step is epsilon under Linux if you don't
> have services that aren't needed installed.
There may be services that are needed locally, but which should not
accept connections from outside the LAN. These services should be
configured to listen only on the internal interface. A firewall is still
of some value, however, to protect against mistakes in service
configuration (or the possibility of an upgrade causing a service's
behavior to change unexpectedly). These are incremental steps of
security; if the firewall protects you against errors in service
configuration (or bugs in services that cause them to listen to all
interfaces even when they've been told not to), and service
configuration protects against errors in the firewall, then you can feel
more confident of your security than you ought to with either technique
alone.
Craig
Reply to: