[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: A simple question FORK! Something that bugs me about net-installs and security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/26/07 19:03, Hodgins Family wrote:
> Many people are installing Debian "from the internet". Yet, the Securing
> Debian Manual suggests no contact with the internet until the
> installation is "secure."
> 
> The manual states that installing the OS off the web is not the best
> idea (Section 3.3 found here:
> http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html )
> 
> Is the manual WRONG about net installs?

Did you *read* the link you posted?

    3.3 Do not plug to the Internet until ready

    The system should not be immediately connected to the Internet
    during installation.
    [snip]
    If you cannot do this, you can set up firewall rules to limit
    access to the system while doing the update (see Security
    update protected by a firewall, Appendix F).

http://www.debian.org/doc/manuals/securing-debian-howto/ap-fw-security-update.en.html

> Are net installs (let's say for a Desktop environment) totally without
> vulnerability risks?
> 
> When, during an installation, do/should people think about
> security/vulnerability issues of the software they are installing?

Actually, not much.  Firewalling routers are $50 and do a reasonably
good job.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFus6nS9HxQb37XmcRAntCAKCM00OOHjG8XIy1BfsNZqOOjG1vXQCg2+hh
GWdbAo57hNENVUGg0Sb3QYQ=
=AzCV
-----END PGP SIGNATURE-----
Reply to: