Re: Unsure about security requirements for workstation/server
- From: Oliver Elphick <olly@xxxxxxxxxx>
- Date: Tue, 31 Jan 2006 11:56:33 +0000
On Tue, 2006-01-31 at 20:03 +1100, Yasir Assam wrote:
...
> I know that for production servers only the Stable distribution is
> recommended and as little software as possible should be installed. But
> as a workstation, I'd like to install Unstable and a lot more software
> on it than I would on a pure server (e.g. Gnome/KDE, GIMP and loads of
> other stuff that I like to play around with).
>
> What should I do? Is it possible to run Unstable in a secure fashion? I
> know the security team focuses on releasing security updates to Stable
> first, but doesn't Unstable get the updates soon after?
unstable is most likely to get the updates first, if the same version is
being used, because the security team will then need to check the
changes. If it is a different version the security updates may be
irrelevant and you will depend on having problems promptly fixed by the
package maintainers.
As a compromise, you could install testing, which will be some way
behind unstable, but somewhat less likely to contain serious problems.
For security of your internet connection, install a firewall such as
shorewall (Debian package) and configure it very restrictively.
Oliver Elphick
--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
- References:
- Unsure about security requirements for workstation/server
- From: Yasir Assam
- Unsure about security requirements for workstation/server
- Prev by Date: Re: Kernel Source
- Next by Date: pas d'acceleration graphique
- Previous by thread: Unsure about security requirements for workstation/server
- Next by thread: wrong RE: Not a Debian question, but you guys know this stuff...
- Index(es):
Relevant Pages
- Re: Unsure about security requirements for workstation/server
... I suppose shorewall will be useful for monitoring/blocking outgoing connections. ...
I'm not a security expect by any means, so I guess my concern is that by having Testing or Unstable
installed, with lots of software not normally used on a server, and by having Apache and other services
open to the net, that someone with malicious intent on the net could exploit a hole somewhere that I'm
not aware of. ... If it is a different version the security updates may be irrelevant and
you will depend on having problems promptly fixed by the package maintainers. ... As a compromise,
you could install testing, which will be some way behind unstable, but somewhat less likely to
contain serious problems. ... (Debian-User) - Re: USERS group has the ability to change security permissions???
... clean install of windows 2000 professional ... install all security updates
through windows update ... permissions work as they are supposed too! ... permissions
when they right click on local hard disks> properties> security. ... (microsoft.public.win2000.security) - The Big Ol Ubuntu Security Resource
... but its default install has flaws. ... are the mods you need to make to protect
your system. ... If you've recently switched from Windows to the Linux distribution Ubuntu,
... IT Security has prepared a guide to help you ... (microsoft.public.windowsxp.general) - The Big Ol Ubuntu Security Resource
... but its default install has flaws. ... are the mods you need to make to protect
your system. ... If you've recently switched from Windows to the Linux distribution Ubuntu,
... IT Security has prepared a guide to help you ... (microsoft.public.windowsxp.general) - Critical Alert Update - W32.Slammer
... PSS Security Response Team Alert - Update: ... SP2, and Microsoft SQL Desktop
Engine Version (MSDE) 2000 RTM, Microsoft SQL ... and all applications that install
Microsoft SQL Desktop ... (microsoft.public.sqlserver.security)
