Re: firewall package for laptop wi-fi client

To: debian-user@lists.debian.org
Subject: Re: firewall package for laptop wi-fi client
From: Andrei Popescu <andreimpopescu@gmail.com>
Date: Mon, 3 Jan 2011 12:20:37 +0200
Message-id: <[🔎] 20110103102037.GH6404@think.homelan>
In-reply-to: <[🔎] 20110103095545.GB3539@rlharris.org>
References: <[🔎] 20110103044227.GA2635@rlharris.org> <[🔎] 4D218609.4090705@googlemail.com> <[🔎] 20110103095545.GB3539@rlharris.org>

On Lu, 03 ian 11, 09:55:45, Russell L. Harris wrote:
> 
> > But if you do only web browsing and email and don't run any
> > web-facing services you should be fine anyway.
> 
> I do not understand; what is a "web-facing service"?

For example a web server (apache) or some other services accessible from 
outside (ftp, ssh, file-sharing, ...). A counter-example would be cups 
(the print server) which by default only accepts connections from the 
same machine.

> > The major threats are web browser security holes (update often)
> > especially through flash and java plug-ins, and pdf.
> 
> Flash and java are in most web pages.  Does a firewall not protect
> against these threats? or are browser updates necessary even with a
> firewall?

A firewall is just an additional layer of protection against possible 
intruders, but it will not protect you against malware that affects 
programs which access the internet "over" the wall (like browsers and 
other *client* software) or software listening behind doors (ports) 
which you have opened on purpose, to make that software (service) 
accessible from the internet (like the web server above).

> > Hosting windows virus in mails attachments can also be a problem if
> > you have win machines on the lan, virus scanner clamav can help
> > here.
> 
> This is a Window$-free environment.

As long as you don't run programs from outside Debian you can be 99,...% 
sure that your own software doesn't play ugly tricks on you, as many 
proprietary softwares do.

Unfortunately the Adobe flash plugin is not from Debian (even though you 
can install it with the flashplugin-nonfree helper package from contrib) 
and has had vulnerabilities in the past :(

> > Firewall alone won't protect you from man in the middle and such
> > niceties on open untrusted networks.
> 
> Understood.  This need is for socializing around the table at
> StarBucks, Internet cafes, etc.  

Maybe you could go into details about what software you are using, in 
order to get more specific recommendations.

Regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- firewall package for laptop wi-fi client
  - From: "Russell L. Harris" <rlharris@broadcaster.org>
- Re: firewall package for laptop wi-fi client
  - From: "tv.debian@googlemail.com" <tv.debian@googlemail.com>
- Re: firewall package for laptop wi-fi client
  - From: "Russell L. Harris" <rlharris@broadcaster.org>

Prev by Date: Re: firewall package for laptop wi-fi client
Next by Date: Re: firewall package for laptop wi-fi client
Previous by thread: Re: firewall package for laptop wi-fi client
Next by thread: Re: firewall package for laptop wi-fi client
Index(es):
- Date
- Thread