Russell L. Harris:
> * tv.debian@googlemail.com <tv.debian@googlemail.com> [110103 09:24]:
>
>> But if you do only web browsing and email and don't run any
>> web-facing services you should be fine anyway.
>
> I do not understand; what is a "web-facing service"?
It is a program accepting random connections from arbitrary source
addresses ("the internet"), like a web/FTP/mail server. In order to
check which programs listens on which port, post the output from
'netstat -tulpn' (run as root).
You should be aware that most people in here translate "firewall" as
"packet filter". Configuring a packet filter requires knowledge of
TCP/IP networking, so if you don't understand the term above, but still
feel the need to "secure" your system, you will need to learn about
that.
>> The major threats are web browser security holes (update often)
>> especially through flash and java plug-ins, and pdf.
>
> Flash and java are in most web pages. Does a firewall not protect
> against these threats?
If firewall == "packet filter": No. Otherwise: Maybe, but probably not.
> or are browser updates necessary even with a firewall?
Absolutely!
>> Firewall alone won't protect you from man in the middle and such
>> niceties on open untrusted networks.
>
> Understood. This need is for socializing around the table at
> StarBucks, Internet cafes, etc.
Check for open ports (see the netstat-command above), always install the
latest upgrades and make sure to use encrypted connections whenever
possible.
J.
--
If I could travel in time I would show my minidisc to the Romans and
become Caesar until the batteries ran out.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
Attachment:
signature.asc
Description: Digital signature