security

J.A. Neitzel jan.listbox at belvento.org
Sun Oct 7 08:36:01 PDT 2001


Edward Pinski wrote:
> No firewall is a bad thing.  Running a linux computer without a firewall
> is quite risky and will get u to be hacked quite fast if they do a few
> nmap scouts ip scouts.  They find you, and notice no firewall, etc.  You
> could be in trouble, and might have to totally redo your whole LFS, which
> would suck butty.  What I would look into doing is use an iptables script
> that protects you.  Also I would make sure not to run any stupid servers
> like telnet, rsh, rlogin, etc.  They are dumb and cleartext.  Also I would
> look to block your X-Windows ports as well, so that nobody can connect to
> your X-Windows server which auto runs when you startx.

I don't know if I agree completely about the firewall thing... But,
this is mostly because I don't know much about them. Here is what I
am curious to know about...

What if this dial-up (via PPP link?) machine has 0 (zero) ports
listening for connections. In a situation like this, can a firewall
serve any really useful purpose? Probably it can, but could you maybe
give small example to illustrate?

Of course, when a browser, e-mail/news client, etc. operate on this
machine there will be some ports opened up to allow them to do their
thing. Anyway, closing port 6000 is good, along with other suggestions
to not run services you don't need.

Any feedback on my firewall question up there?

>> Good evening all,
>> 
>> I have been reading numerous articles lately on the Net about security.
>> I have to say that I am now more confused than before I started.
>> 
>> I run a single box, an home PC, no networking other than connecting to
>> the Internet via a modem. I have shadow password thingy installed (this
>> OS is LFS3.0). Should I take further measures? I accept that life is
>> full of risk, so I don't take the paranoid approach - apologies Jeff
>> Neitzel, I have read your excellent hint and implemented most of it.
>> It's just that I have reached the age where "C'est la vie" is often the
>> most appropriate response to life's glitches.
>> 
>> Despite this seeming unconcern, I would like to hear the opinions of
>> others on what level of security I should reasonably implement.  Bear in
>> mind, this PC is a home jobby, nothing of importance is stored on it -
>> well nothing that can't be built or typed or downloaded again.
>> 
>> Most of the articles I have read assume the reader is master of some
>> gargantuan network, and either totally ignore small users such as
>> myself, or make sneering side remarks about "home users".  Hence my
>> confusion (and a wee bit of annoyance at their insulting lack of
>> manners).
>> I appreciate that time & energy is valuable to all of you, so just some
>> general pointers would be great to get me started in the right
>> direction.
>> 
>> Many thanks in advance
>> 
>> --
>> Fergus Belford
>> fbmail at ozemail.com.au
>> --
>> This day shall not come again,
>> Each minute a priceless gem.
>> --

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe blfs-support' in the subject header of the message



More information about the blfs-support mailing list