
Re: Inet security



Mike McClain wrote in Article <E1HyiVb-0000oC-CZ@playground.mcclains.net>
posted to gmane.linux.debian.user:

> I saw this on usenet and wonder about the validity of this statement.
> 
> 'Seriously any system is as secure as the services you export, if you
> have nothing listening that can do you harm you are secure...'
> 
> Disregarding email exploits and exploits through your browser is this
> true? Assume the hardware is inviolate.

Generally speaking, yes, this is true.  Though security isn't a one-stop
ordeal or something that you can install and make work.  It's a continuing
process.

You never want to be running or even have installed anything that doesn't
have any practical use on your system.  This is doubly true for network
enabled software, especially if it binds to a port and listens.

"But I can just install a personal firewall and be safe, right?"  I wouldn't
trust any user-facing machine to be a firewall, regardless of what the
software (usually snake oil[1]) says.  Use separate hardware for your
firewall, even if it's just an old Linksys router that's had its firmware
replaced with DD-WRT[2].

[1] http://samspade.org/d/firewalls.html
[2] http://en.wikipedia.org/wiki/DD-WRT

-- 
Paul Johnson
Email and IM (XMPP & Google Talk): baloo@ursine.ca
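
Added example, not part of the original post: one way to audit what a Linux host has "listening", by decoding the kernel's /proc/net/tcp table and separating loopback-only listeners from those reachable from the network. The sample table is constructed; the code assumes IPv4 and a little-endian host (x86), and the helper names are hypothetical.

```python
import ipaddress
import struct
import sys

TCP_LISTEN = "0A"  # state code the kernel prints for LISTEN

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11003 1
   3: 0A00000A:0016 0200000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 11004 1
   4: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11005 1
"""

def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (IPv4Address, port)."""
    hex_ip, hex_port = field.split(":")
    # The address is printed as a host-order 32-bit word; assume little-endian.
    packed = struct.pack("<I", int(hex_ip, 16))
    return ipaddress.IPv4Address(packed), int(hex_port, 16)

def listeners(proc_text):
    """Return (ip, port, exposed) for every socket in LISTEN state, by port."""
    found = []
    for line in proc_text.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue  # established connections etc. are not listeners
        ip, port = decode_addr(cols[1])
        # Anything not bound to 127.0.0.0/8 can be reached from other hosts.
        found.append((str(ip), port, not ip.is_loopback))
    return sorted(found, key=lambda t: (t[1], t[0]))

def exposed_ports(proc_text):
    """Ports with at least one listener bound to a non-loopback address."""
    return sorted({port for _, port, exposed in listeners(proc_text) if exposed})

if __name__ == "__main__":
    # Pass --live to read the real table instead of the constructed sample.
    text = open("/proc/net/tcp").read() if "--live" in sys.argv else SAMPLE
    for ip, port, exposed in listeners(text):
        status = "reachable from network" if exposed else "loopback only"
        print(f"{ip}:{port:<6} {status}")
```

Each port reported as reachable is a service to justify or remove; IPv6 listeners live in /proc/net/tcp6 and are not decoded here.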



