should I firewall an open port which isn't used? (was ... Re: Guide(s?) to backup philosophies)

To: debian-user@lists.debian.org
Subject: should I firewall an open port which isn't used? (was ... Re: Guide(s?) to backup philosophies)
From: cbannister@slingshot.co.nz
Date: Sat, 1 Apr 2017 01:00:45 +1300
Message-id: <[🔎] 20170331120044.GU8896@localhost.localdomain>
In-reply-to: <[🔎] b996cffe-6f59-38df-8aa4-35e62a92c150@holgerdanske.com>
References: <[🔎] ef34df2b-20d7-e2ed-f9a4-875cc09c9b68@cloud85.net> <[🔎] 1da38dbd-57cc-816a-b108-9b1a54159701@holgerdanske.com> <[🔎] slrnocd4r9.8pl.dan@xps-linux.djph.net> <[🔎] b996cffe-6f59-38df-8aa4-35e62a92c150@holgerdanske.com>

On Mon, Mar 13, 2017 at 08:58:15PM -0700, David Christensen wrote:
> On 03/13/2017 05:38 AM, Dan Purgert wrote:
> >Currently, the system here is
> >
> > - every PC has a cronjob backing up $HOME to a central "server" (read -
> >   repurposed PC with decent WD drives), just an rsync script that runs
> >   daily.
> 
> Don't forget security:
> 
> 1.  With a "push" arrangement (e.g. each workstation backs up itself to the
> server) -- if a workstation gets compromised, the backups are at risk.
> 
> 2.  With a "pull" arrangement (e.g. the server backs up all the
> workstations) -- if a workstation gets compromised, the backups should be
> safe (and might have clues about the intrusion).  Additionally, the backup
> server can be completely firewalled (e.g. no open ports).

My understanding is that if there are no services listening on a port then
it cannot be accessed.

e.g.

http://serverfault.com/questions/733633/if-no-service-is-listening-on-a-port-can-a-system-still-be-accessed-using-that-p

An I missing something? 

-- 
The media's the most powerful entity on earth. 
They have the power to make the innocent guilty 
and to make the guilty innocent, and that's power.
 -- Malcolm X

Reply to:

Follow-Ups:
- Re: should I firewall an open port which isn't used? (was ... Re: Guide(s?) to backup philosophies)
  - From: Dominik George <nik@naturalnet.de>
- Re: should I firewall an open port which isn't used? (was ... Re: Guide(s?) to backup philosophies)
  - From: <tomas@tuxteam.de>

References:
- Guide(s?) to backup philosophies
  - From: Richard Owlett <rowlett@cloud85.net>
- Re: Guide(s?) to backup philosophies
  - From: David Christensen <dpchrist@holgerdanske.com>
- Re: Guide(s?) to backup philosophies
  - From: Dan Purgert <dan@djph.net>
- Re: Guide(s?) to backup philosophies
  - From: David Christensen <dpchrist@holgerdanske.com>

Prev by Date: Re: Deb-Installer: Possible to set IP using a boot parameter?
Next by Date: Re: should I firewall an open port which isn't used? (was ... Re: Guide(s?) to backup philosophies)
Previous by thread: Re: Guide(s?) to backup philosophies
Next by thread: Re: should I firewall an open port which isn't used? (was ... Re: Guide(s?) to backup philosophies)
Index(es):
- Date
- Thread