On Fri, Sep 25, 2020 at 09:01:26AM -0400, Gene Heskett wrote:
Your paranoia is excessive. I have 5 machines online ATM, but they are all on a local network in the 1902.168.xx.xx block, which is NOT routable from the internet but are NAT'd to my net address by having such a setup in a router running dd-wrt. In nearly 2 decades, no one has come into my systems from the internet that I didn't give the credentials to do so.
You post this all the time, but it's irrelevant at best and misleading at worst. On a default debian system these days an external firewall is basically a noop because there are no services listening. The attack vector in modern environments is much more likely to be client exploits (e.g., web browser) and a perimeter firewall adds zero protection from that threat. And, honestly, most people who are compromised have no clue that they are unless someone tells them.
Telling people that all they need to do is install a perimeter firewall and then they're secure is simply wrong.