Re: Unsure about security requirements for workstation/server

Thanks Oliver.

I didn't know about shorewall, so it's good that you recommended it.

I should have mentioned that I already use a router, built in to my ADSL modem, so as far as incoming connections go I have to explicitly set up those ports on my ADSL modem/router (so I will have to forward ports 80 etc. to my Debian machine).

I suppose shorewall will be useful for monitoring/blocking outgoing connections.

I'm not a security expect by any means, so I guess my concern is that by having Testing or Unstable installed, with lots of software not normally used on a server, and by having Apache and other services open to the net, that someone with malicious intent on the net could exploit a hole somewhere that I'm not aware of.

Thanks,
Yasir
On Tue, 2006-01-31 at 20:03 +1100, Yasir Assam wrote:
...
  
I know that for production servers only the Stable distribution is 
recommended and as little software as possible should be installed. But 
as a workstation, I'd like to install Unstable and a lot more software 
on it than I would on a pure server (e.g. Gnome/KDE, GIMP and loads of 
other stuff that I like to play around with).

What should I do? Is it possible to run Unstable in a secure fashion? I 
know the security team focuses on releasing security updates to Stable 
first, but doesn't Unstable get the updates soon after?
    

unstable is most likely to get the updates first, if the same version is
being used, because the security team will then need to check the
changes.  If it is a different version the security updates may be
irrelevant and you will depend on having problems promptly fixed by the
package maintainers.

As a compromise, you could install testing, which will be some way
behind unstable, but somewhat less likely to contain serious problems.

For security of your internet connection, install a firewall such as
shorewall (Debian package) and configure it very restrictively.

Oliver Elphick

-- To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx

Relevant Pages

  • Re: Unsure about security requirements for workstation/server
    ... > I know that for production servers only the Stable distribution is ... > know the security team focuses on releasing security updates to Stable ... If it is a different version the security updates may be ... As a compromise, you could install testing, which will be some way ...
    (Debian-User)
  • Re: USERS group has the ability to change security permissions???
    ... clean install of windows 2000 professional ... install all security updates through windows update ... permissions work as they are supposed too! ... permissions when they right click on local hard disks> properties> security. ...
    (microsoft.public.win2000.security)
  • The Big Ol Ubuntu Security Resource
    ... but its default install has flaws. ... are the mods you need to make to protect your system. ... If you've recently switched from Windows to the Linux distribution Ubuntu, ... IT Security has prepared a guide to help you ...
    (microsoft.public.windowsxp.general)
  • The Big Ol Ubuntu Security Resource
    ... but its default install has flaws. ... are the mods you need to make to protect your system. ... If you've recently switched from Windows to the Linux distribution Ubuntu, ... IT Security has prepared a guide to help you ...
    (microsoft.public.windowsxp.general)
  • Critical Alert Update - W32.Slammer
    ... PSS Security Response Team Alert - Update: ... SP2, and Microsoft SQL Desktop Engine Version (MSDE) 2000 RTM, Microsoft SQL ... and all applications that install Microsoft SQL Desktop ...
    (microsoft.public.sqlserver.security)