Re: Inet security
Andrew Sackville-West wrote in Article
<20070614180510.GA16458@localhost.localdomain> posted to
gmane.linux.debian.user:
> On Wed, Jun 13, 2007 at 11:08:39PM -0700, Mike McClain wrote:
>> I saw this on usenet and wonder about the validity of this statement.
>>
>> 'Seriously any system is as secure as the services you export, if you
>> have nothing listening that can do you harm you are secure...'
>>
>> Disregarding email exploits and exploits through your browser, is this
>> true? Assume the hardware is inviolate.
>> Thoughts?
>
> A port with a listening service is like a locked door with a doorman
> inside waiting to open it for whoever knocks. If they know the
> codeword he'll open it for them.
That's how port-knocking[1] works.
> So the service (as the doorman) determines how serious the security risk
> is at the port (door).
Well, in theory, yes. The problem with this formula is that some services
are promiscuous and don't care who they serve to (http, finger, gopher,
etc).
> If there is no service listening at the port, then there is no way to open
> that port.
Outbound connections require ports, too!
> Of course, since you are running Debian, there are no windows for
> things to climb through and open the door from the inside. ;)
Don't say things like that. What you just said there is like a Windows user
saying, "Why should I stay patched and run antivirus software? It's not
like I use this computer for anything serious..."
--
Paul Johnson
Email and IM (XMPP & Google Talk): baloo@ursine.ca
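
The distinction argued over in this thread, between ports with a service listening and ports used by outbound connections, can be read from the Linux socket table. The following is an added example, not part of the original thread: it parses a constructed sample in `/proc/net/tcp` format, and the function names, the sample rows and the outbound heuristic are assumptions made for illustration.

```python
import socket
import struct

# Constructed sample in Linux /proc/net/tcp format (little-endian host).
# st 0A = LISTEN, 01 = ESTABLISHED. Addresses are documentation ranges.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A0200C0:C350 076433C6:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1003 1
"""


def decode(hexaddr):
    """Turn '0100007F:0277' into ('127.0.0.1', 631)."""
    ip_hex, port_hex = hexaddr.split(":")
    # The IPv4 address is stored as a little-endian 32-bit hex word.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def classify(table):
    """Split sockets into exposed listeners, loopback listeners, outbound."""
    rows = []
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) >= 4:
            rows.append((decode(fields[1]), decode(fields[2]), fields[3]))
    listen_ports = {local[1] for local, _, st in rows if st == "0A"}
    result = {"exposed": [], "loopback_only": [], "outbound": []}
    for local, remote, st in rows:
        if st == "0A":
            key = "loopback_only" if local[0].startswith("127.") else "exposed"
            result[key].append(local)
        elif st == "01" and local[1] not in listen_ports:
            # Heuristic (assumption): an established socket whose local port
            # has no listener was opened by this host, i.e. it is outbound.
            result["outbound"].append((local, remote))
    return result


if __name__ == "__main__":
    for kind, entries in classify(SAMPLE).items():
        print(kind, entries)
```

On a real Linux host, pass the contents of `/proc/net/tcp` to `classify()` instead of `SAMPLE`. IPv6 sockets live in `/proc/net/tcp6` with a different address encoding and are not handled here.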